Tradertraitor

Threat Actor updated 2 months ago (2024-11-29T14:51:05.974Z)

Download STIX

Preview STIX

TraderTraitor, a threat actor attributed to the North Korean government's APT38 hacking group also known as Lazarus, has been implicated in a series of cyberattacks targeting cryptocurrency platforms. The FBI has recently linked TraderTraitor to the theft of hundreds of millions of dollars in cryptocurrency, tracking blockchain activity associated with the Democratic People's Republic of Korea (DPRK). Over the last 24 hours, the agency has identified movement of approximately 1,580 bitcoin, worth more than $40 million, from several cryptocurrency heists carried out by TraderTraitor-affiliated actors. It is believed that DPRK may attempt to cash out this stolen cryptocurrency. The threat actor uses a malware, also named TraderTraitor, to infiltrate company networks and execute fraudulent blockchain transactions. The recent attacks share commonalities with another North Korean cyberattack detected in June 2022, also executed by TraderTraitor. The attack involved victims downloading the TraderTraitor malware after clicking on malicious links, enabling the hackers to gain control over their devices. In addition to these attacks, TraderTraitor was also implicated in the Harmony intrusion, where the same malware was utilized. In July 2023, GitHub disclosed details of an npm campaign in which adversaries tracked as TraderTraitor, also referred to as Jade Sleet or UNC4899, used fake personas to target the cybersecurity sector among others. This cluster has since been implicated in the JumpCloud hack that took place around the same time. The FBI had attributed three other attacks on cryptocurrency platforms to TraderTraitor back in August. These series of events highlight TraderTraitor's persistent and evolving threats to the cybersecurity landscape, particularly in the realm of cryptocurrency.

Description last updated: 2024-09-10T03:18:45.533Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Lazarus Group is a possible alias for Tradertraitor. The Lazarus Group, a notorious threat actor attributed to North Korea, is renowned for its malicious activities aimed at furthering the country's objectives. This group has been implicated in several high-profile cyber-attacks, including an attack in Spain known as Operation DreamJob. The exploitati	3
APT38 is a possible alias for Tradertraitor. APT38, a threat actor suspected to be backed by the North Korean regime, has been responsible for some of the largest cyber heists observed to date. The group has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions worldwide. Despite	3

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Malware

Bitcoin

Fbi

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The malware Slow Pisces is associated with Tradertraitor.	Unspecified	2

Source Document References

Information about the Tradertraitor Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	a month ago	Security Affairs newsletter Round 504 by Pierluigi Paganini – INTERNATIONAL EDITION
InfoSecurity-magazine	a month ago	US and Japan Blame North Korea for $308m Crypto Heist
Unit42	5 months ago	Threat Assessment: North Korean Threat Groups
Securityaffairs	5 months ago	Russian national arrested in Argentina for laundering money of crooks and Lazarus APT
CERT-EU	a year ago	Connect the Dots on State-Sponsored Cyber Incidents - Targeting of GitHub users with an interest in cryptocurrency
CERT-EU	a year ago	North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
CERT-EU	a year ago	Connect the Dots on State-Sponsored Cyber Incidents - Targeting of cryptocurrency company employees
CERT-EU	a year ago	Connect the Dots on State-Sponsored Cyber Incidents - Targeting of GitHub users with an interest in cryptocurrency
CERT-EU	a year ago	Hong Kong crypto business Mixin says hackers stole $200 million in assets
CERT-EU	a year ago	North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
InfoSecurity-magazine	a year ago	FBI Flags $40M Crypto Cash-Out Plot By North Korean Hackers
CERT-EU	a year ago	North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI
Securityaffairs	a year ago	DoJ charged Tornado Cash founders with laundering more than $1 billion
CERT-EU	a year ago	FBI: North Korean hackers transferred $40 million in stolen cryptocurrency funds in one day
CERT-EU	a year ago	FBI warns North Korean hackers poised to cash out more than $40 million in bitcoin
Securityaffairs	a year ago	FBI identifies wallets holding cryptocurrency funds stolen by North Korea
CERT-EU	a year ago	FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers
CERT-EU	a year ago	North Korea’s Lazarus hackers behind recent crypto heists: FBI
CERT-EU	a year ago	FBI: DPRK cyber crooks may try to cash out $40m in crypto
CERT-EU	a year ago	North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns