Tradertraitor

Threat Actor Profile Updated 2 months ago
TraderTraitor is the name under which the FBI tracks a cluster of North Korean state-sponsored activity that vendors also map to Lazarus Group and APT38. The FBI has linked the group to several recent intrusions at cryptocurrency platforms in which hundreds of millions of dollars' worth of cryptocurrency was stolen. Those intrusions share tradecraft with another North Korean attack detected in June 2022, and the cluster overlaps with the activity tracked as Jade Sleet or UNC4899, which was implicated in the JumpCloud compromise.

The group's namesake TraderTraitor malware is delivered through lures aimed at cryptocurrency workers; once a victim runs the malicious content, the operators use the resulting foothold in the company network to push fraudulent blockchain transactions. In July 2023, GitHub disclosed a social-engineering campaign attributed to the same actors, in which fake developer personas invited targets in the blockchain, cryptocurrency, online gambling and cybersecurity sectors to collaborate on repositories that pulled in malicious npm packages.

The FBI has warned that the Democratic People's Republic of Korea (DPRK) may attempt to cash out bitcoin worth more than $40 million, having traced approximately 1,580 bitcoin from several cryptocurrency heists to wallets held by TraderTraitor-affiliated actors. The DPRK's TraderTraitor group is suspected of orchestrating those heists, which targeted cryptocurrency workers and blockchain companies. Earlier, the FBI attributed the Harmony Bridge theft, in which about $100 million was stolen, and the theft from the blockchain-based game Axie Infinity, in which roughly $620 million worth of cryptocurrency was taken, to the Lazarus Group.

Whatever the label, Jade Sleet, TraderTraitor or Lazarus, the actor continues to pose a significant risk to the cryptocurrency industry, and organisations in that sector should treat it as a persistent, well-resourced adversary and plan their defences accordingly.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Lazarus Group | 3 | The Lazarus Group, a threat actor attributed to North Korea, is renowned for its notorious cyber-exploitation activities. The group has been linked to various high-profile cyber-attacks, including the largest decentralized finance exploit in history, the Ronin exploit of March 2022. This attack led
APT38 | 3 | APT38, also known as TA444, BlueNoroff, BlackAlicanto, Copernicium, Sapphire Sleet, Stardust Chollima, and TraderTraitor, is a threat actor group suspected to be backed by the North Korean regime. The group has been active in operations across over 16 organizations in at least 11 countries, primaril
Celas Trade Pro | 1 | Celas Trade Pro is a malicious software application posing as a cryptocurrency trading platform. It was developed by North Korean hackers, referred to as HIDDEN COBRA by the U.S. government, as part of a series of deceptive applications collectively known as the "AppleJeus" family of malware. These
Jade Sleet | 1 | Jade Sleet, also known as TraderTraitor and UNC4899, is a North Korean state-sponsored threat actor primarily targeting personal GitHub user accounts connected to the blockchain, cryptocurrency, and online gambling sectors. Their activities support Pyongyang's objectives, with GitHub expressing "hig
UNC4899 | 1 | UNC4899, also known as TraderTraitor and Jade Sleet, is a threat actor identified by Google's Mandiant as a North Korean hacking group with a focus on cryptocurrency-related activities. The group operates under the auspices of North Korea's Reconnaissance General Bureau (RGB) and primarily targets b
AppleJeus | 1 | AppleJeus is a notorious malware attributed to the North Korean APT Lazarus Group, designed primarily to steal cryptocurrency. This malicious software has been a key instrument in North Korea's financial theft operations, with threat groups pilfering $2.3 billion USD worth of crypto assets between M
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
FBI
Bitcoin
RAT
Celas Trade ...
GitHub
Korean
DPRK
Malware
Associated Malware
No associations to display
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the TraderTraitor threat actor was read from the documents in the corpus below. This display is limited to 20 results.
Source | Created At | Title
CERT-EU | 5 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of GitHub users with an interest in cryptocurrency
CERT-EU | 8 months ago | North Korean Hackers Pose as Job Recruiters and Seekers in Malware Campaigns
CERT-EU | 9 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of cryptocurrency company employees
CERT-EU | 9 months ago | Connect the Dots on State-Sponsored Cyber Incidents - Targeting of GitHub users with an interest in cryptocurrency
CERT-EU | 10 months ago | Hong Kong crypto business Mixin says hackers stole $200 million in assets
CERT-EU | 10 months ago | North Korean Hackers Exploit Zero-Day Bug to Target Cybersecurity Researchers
InfoSecurity-magazine | a year ago | FBI Flags $40M Crypto Cash-Out Plot By North Korean Hackers
CERT-EU | a year ago | North Korea ready to cash out more than $40 million in Bitcoin after summer of attacks, warns FBI
Securityaffairs | a year ago | DoJ charged Tornado Cash founders with laundering more than $1 billion
CERT-EU | a year ago | FBI: North Korean hackers transferred $40 million in stolen cryptocurrency funds in one day
CERT-EU | a year ago | FBI warns North Korean hackers poised to cash out more than $40 million in bitcoin
Securityaffairs | a year ago | FBI identifies wallets holding cryptocurrency funds stolen by North Korea
CERT-EU | a year ago | FBI Finds 1,580 Bitcoin in Crypto Wallets Linked to North Korean Hackers
CERT-EU | a year ago | North Korea's Lazarus hackers behind recent crypto heists: FBI
CERT-EU | a year ago | FBI: DPRK cyber crooks may try to cash out $40m in crypto
CERT-EU | a year ago | North Korean Affiliates Suspected in $40M Cryptocurrency Heist, FBI Warns
CERT-EU | a year ago | GitHub Developers Targeted by North Korea's Lazarus Group
CERT-EU | a year ago | N. Korean Lazarus Group Suspected in $37.3M CoinsPaid Crypto Heist
BankInfoSecurity | a year ago | JumpCloud Hackers Likely Targeting GitHub Accounts Too
CERT-EU | a year ago | Cyber Security Week In Review: July 21, 2023