TraderTraitor: The Kings of the Crypto Heist
Briefly

North Korea's hacking strategy has evolved, moving from financial intermediaries to direct cryptocurrency theft, resulting in the formation of advanced groups like TraderTraitor. This group is linked to significant cybercrimes, including a $308 million theft from Japan's DMM in March 2024. Using sophisticated tactics such as spear-phishing and fake online personas, TraderTraitor targets employees in the Web3 sector. Recent findings indicate that the group uses custom malware targeting macOS systems, which reflects both its technical capability and its knowledge of the industry it exploits.
TraderTraitor is the most sophisticated of all, and why? Because APT38 was the A team.
They know the individuals that work at these companies, they track them, they have profiles on them, they know which trading platforms are doing the most volume.
TraderTraitor created fake accounts on the coding platform, plus LinkedIn, Slack, and Telegram to target developers.
The group has been seen using custom backdoors, such as PLOTTWIST and TIEDYE, that target macOS.
Read at WIRED