Sinbad

Threat Actor Profile Updated 3 months ago
Sinbad is a threat actor suspected to be operated by North Korean operatives, primarily for the purpose of laundering stolen cryptocurrency. According to Chainalysis, Sinbad processed $24 million in December and January, indicating its use as a new mixing service. However, its effectiveness is yet to be determined in comparison to other established services like Tornado Cash. The link between the Sinbad mixer and the Atomic Wallet, as identified by Elliptic, suggests the involvement of Lazarus Group, a notorious North Korean hacking team known for their cyber heists.

The US Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned Sinbad, along with other crypto-mixing services such as Tornado Cash and Blender.io, which were reportedly used by North Korean hacking groups to launder funds stolen in multiple hacks including those of Atomic Wallet, Axie Infinity, Nomad, and Horizon. The Lazarus Group has allegedly used Sinbad to process millions of dollars' worth of virtual currency from these crypto heists. Furthermore, researchers have noted that the stolen assets are being laundered using specific services, including Sinbad, which have also been used to launder proceeds from past hacks perpetrated by the Lazarus Group.

However, in November, US authorities seized Sinbad, forcing the Lazarus Group to shift back to using Tornado Cash. This action was followed by an increase in the use of another mixer, YoMix, after the takedown of Sinbad. It is believed that the Lazarus Group is using this Bitcoin mixer to launder funds, with inflows growing more than five-fold in 2023. Despite these measures, the trail of $54 million of Bitcoin sent to the Sinbad mixer has gone cold, according to Elliptic.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Lazarus Group | 4 | The Lazarus Group, a notorious threat actor believed to be linked to North Korea, has been attributed with a series of significant cyber-attacks over the past few years. The group's malicious activities include the exploitation of digital infrastructure, stealing cryptocurrency, and executing large-
Blender | 3 | Blender, a renowned threat actor known for its involvement in the cybersecurity landscape, has recently been under scrutiny due to its alleged role in facilitating illegal transactions. Last year, the US imposed sanctions on crypto mixers Tornado Cash and Blender, targeting them as part of a broader
sinbad.io | 2 | Sinbad.io, a threat actor identified as a popular money-laundering outlet for state-sponsored crypto thieves, emerged as a significant player in the cybercrime landscape over the past few years. Following U.S. sanctions on Tornado Cash, a previously favored service by North Korean hackers to obfusca
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Bitcoin
State Sponso...
Korean
Tool
Associated Malware
ID | Type | Votes | Profile Description
Hermit | Unspecified | 1 | Hermit is a malicious software (malware) linked to North Korea, also known as the "Hermit Kingdom" due to its isolationist policies. This malware, along with others like Pegasus and DevilsTongue, targeted Apple users leading to a wave of sophisticated attacks in July 2022. In response, Apple develop
Associated Threat Actors
ID | Type | Votes | Profile Description
Tornado Cash | Unspecified | 2 | Tornado Cash, a known threat actor in the cybersecurity landscape, has been under the spotlight for its illicit activities. The group is associated with various malicious intents and actions, ranging from a single person to a private company or even part of a government entity. In recent times, it h
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the Sinbad Threat Actor was read from the documents corpus below. This display is limited to 20 results.
Source | Created At | Title
BankInfoSecurity | 4 months ago | Cryptohack Roundup: Ray Eviscerates Bankman-Fried
CERT-EU | 4 months ago | Lazarus Group hackers appear to return to Tornado Cash for money laundering - National Cyber Security Consulting
CERT-EU | 4 months ago | North Korean hackers are laundering millions worth of crypto through a sanctioned 'mixer'
CERT-EU | 4 months ago | Lazarus Group taps Tornado Cash to launder Heco Bridge, HTX hack proceeds - National Cyber Security Consulting
CERT-EU | 4 months ago | North Korean Hackers Used Tornado Cash to Launder $12M From Heco Bridge Hack: Elliptic - National Cyber Security Consulting
InfoSecurity-magazine | 5 months ago | Crypto-Money Laundering Records 30% Annual Decline
CERT-EU | a year ago | North Korea shows off surveillance satellite
CERT-EU | 9 months ago | FTX Thief Cashes Out Millions During Bankman-Fried Trial - Slashdot
DARKReading | 8 months ago | Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus
CERT-EU | 9 months ago | FTX thief cashes out millions during Bankman-Fried trial
InfoSecurity-magazine | a year ago | Record $3.8bn Stolen Via Crypto in 2022
CERT-EU | a year ago | Tornado Cash 'laundered over $1B' in criminal cryptocurrency
CERT-EU | 8 months ago | North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks
CERT-EU | a year ago | Inside the international sting operation to catch North Korean crypto hackers
CERT-EU | a year ago | North Korea's Lazarus Group linked to Atomic Wallet heist
CERT-EU | 7 months ago | North Korean crypto hackers raided $600m in 2023 - National Cyber Security Consulting
CERT-EU | 8 months ago | Over $3M worth of crypto amassed by North Korean hackers
CERT-EU | 8 months ago | North Korean hackers have pilfered $3B of crypto over past six years: Report - National Cyber Security Consulting
CERT-EU | 8 months ago | North Korea's state hackers stole $3 billion in crypto since 2017
CERT-EU | 8 months ago | North Korea's Lazarus Group Rakes in $3 Billion from Cryptocurrency Hacks