Profiling TradeTraitor: Tactics, History & Defenses

2025-06-27, InvictusIR
https://www.invictus-ir.com/news/profiling-tradetraitor-tactics-history-defenses
#TraderTraitor

This post is part of our ongoing series on cloud-focused threat actors, designed to increase visibility and awareness of their methods, bolster your defenses, and help close the gap between traditional cyber threat intelligence (CTI) and cloud security. Each installment will spotlight some well-known and lesser-known adversaries in the cloud, providing a concise profile, mapped TTPs, and an incident response checklist.
Summary
- Threat Actor: TradeTraitor (DPRK-nexus), a.k.a. Jade Sleet, UNC4899, Slow Pisces.
- Motivation: State-affiliated actor seeking financial gain.
- Targeting: AWS environments, cryptocurrency industry, and adjacent financial sectors.
- Attack Types: Supply chain compromise, credential theft, cloud service abuse, etc.
- Defenses: Enable AWS logging, enforce MFA and least-privilege IAM, secure endpoints & monitor network traffic, harden AWS services, rotate credentials, etc.
Overview
TradeTraitor is a DPRK-nexus threat actor assessed to be affiliated with North Korea's Reconnaissance General Bureau. Primarily driven by state-sponsored revenue generation to evade sanctions and fund the regime's …