lazarusholic

TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies

2022-04-18, USCISA
https://www.cisa.gov/uscert/ncas/alerts/aa22-108a
#Cryptocurrency #TraderTraitor

Summary
Actions to take today to mitigate cyber threats to cryptocurrency:
• Patch all systems.
• Prioritize patching known exploited vulnerabilities.
• Train users to recognize and report phishing attempts.
• Use multifactor authentication.
The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.S. Treasury Department (Treasury) are issuing this joint Cybersecurity Advisory (CSA) to highlight the cyber threat associated with cryptocurrency thefts and tactics used by a North Korean state-sponsored advanced persistent threat (APT) group since at least 2020. This group is commonly tracked by the cybersecurity industry as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. For more information on North Korean state-sponsored malicious cyber activity, visit https://www.us-cert.cisa.gov/northkorea.
The U.S. government has observed North Korean cyber actors targeting a variety of organizations in the blockchain technology and cryptocurrency industry, including cryptocurrency exchanges, decentralized finance (DeFi) protocols, play-to-earn cryptocurrency video games, cryptocurrency trading companies, …

IoC