Jade Sleet, also known as TraderTraitor and UNC4899, is a North Korean state-sponsored threat actor that primarily targets blockchain and cryptocurrency companies. GitHub has expressed "high confidence" that this group is behind an ongoing campaign targeting personal user accounts associated with blockchain, cryptocurrency, and online gambling sectors. The group's activities support Pyongyang's objectives, and they have been implicated in the JumpCloud hack and other major cybersecurity incidents. In addition to these sectors, Jade Sleet has also targeted vendors used by the affected firms, broadening their attack surface.
In July 2023, GitHub disclosed details of a campaign where adversaries tracked as TraderTraitor (aka Jade Sleet) utilized fake personas to target the cybersecurity sector among others. This campaign involved the use of GitHub repos and weaponized npm packages in a sophisticated spear-phishing scheme aimed at employees of cryptocurrency and technology organizations. Sometimes, these actors even take over legitimate accounts to further their malicious activities, as noted by GitHub's Alexis Wales.
Despite similarities in their targets, Jade Sleet differentiates itself from another prolific North Korean actor, Lazarus, through unique structures and styles in its malicious code packages. This differentiation was discovered by CheckMarx, highlighting the group's distinct operational methods. Microsoft and the U.S. law enforcement agency have attributed these attacks to Jade Sleet, underscoring the group's significant role in the landscape of cyber threats.
Description last updated: 2024-09-10T03:19:41.676Z