ICIC
UN

DevMan

Low ConfidenceMedium Threat

Developer Manipulation

DevMan is a threat actor targeting software development environments and developer infrastructure. The group uses supply chain attack techniques including malicious packages and compromised development tools. DevMan's operations focus on gaining access to software development pipelines for both espionage and financial gain purposes.

Origin: Unknown
Sponsor: Multiple Threat Actors
Active: 2022 - Present
Victims: 500+ developers
Advanced
Active
Financial GainEspionage
Risk Assessment
61
Composite Risk Score
Medium Risk
ARCS Compliance62
Escalation Risk65
Grievance Index60
Infrastructure Impact55
History & Evolution

DevMan is a threat actor targeting software development environments and developer infrastructure. The group uses supply chain attack techniques including malicious packages and compromised development tools. DevMan's operations focus on gaining access to software development pipelines for both espionage and financial gain purposes.

Targeting

Target Sectors

TechnologyCryptocurrencySoftware Development

Target Regions

Global
Attribution & Affiliations

Attributed to Multiple Threat Actors (Unknown). Attribution confidence: Low.

Intelligence Assessment
Medium
Threat Level
Moderately
Targeting
Moderately
Adaptability
Medium
Persistence
Continuous
Op Tempo
Active
Status

Future Outlook

DevMan is expected to continue operations targeting Technology sectors.

Timeline of Key Events
2022
Major

First observed activity of DevMan

2024
Moderate

Continued active operations