lazarusholic

TraderTraitor: Deep Dive

2025-07-28, Wiz
https://www.wiz.io/blog/north-korean-tradertraitor-crypto-heist
#Bybit #DMM #JumpCloud #NPM #TraderTraitor

Contents

TraderTraitor is a cluster of North Korean activity aimed at stealing digital assets (cryptocurrencies such as Bitcoin and Ether). In addition to leveraging traditional techniques such as sending phishing emails and infecting victims with trojanized software, TraderTraitor has conducted more complex operations including supply chain compromises and diverting legitimate transactions. Since its first public mention in 2022, TraderTraitor has been linked to major cryptocurrency thefts and has targeted cloud services and software development platforms in operations like the JumpCloud supply chain attack and the ByBit hack. Given the nature of this actor’s current activities and the threat they pose to cloud customers globally, Wiz Threat Research has decided to publish this deep-dive into their history and tradecraft.

Who is TraderTraitor?

"TraderTraitor" was originally a codename used by the U.S. government to describe a cluster of North Korean state-sponsored cyber activity. In an April 2022 joint advisory, the FBI, CISA, and U.S. Treasury …