Advisory | severity: High | 2022-04-18
CISA/FBI/Treasury joint advisory AA22-108A on TraderTraitor
published by CISA
Actor
DPRK state-sponsored intrusion set treated by most vendors as the financial-operations subgroup of Lazarus, attributed to the Reconnaissance General Bureau. Responsible for the major SWIFT-network ba…
Summary
FBI, CISA, and the U.S. Treasury issued joint advisory AA22-108A warning that a DPRK state-sponsored APT tracked as Lazarus, APT38, BlueNoroff, and Stardust Chollima was targeting blockchain firms with trojanised cryptocurrency trading applications collectively named TraderTraitor. The malware family is built on cross-platform Electron/Node.js code, delivered through spearphishing that mimics recruiter outreach to DevOps and IT staff at crypto exchanges and DeFi protocols.
Tags
advisory, cryptocurrency, tradertraitor, dprk
Primary source
cisa.gov
Other BlueNoroff events
- 2023-11-01: Elastic Security Labs exposes KANDYKORN macOS intrusion at crypto exchange
- 2023-04-21: Jamf Threat Labs discloses RustBucket macOS malware tied to BlueNoroff
- 2022-01-13: Kaspersky exposes SnatchCrypto campaign draining cryptocurrency startups
- 2017-04-03: Securelist 'Lazarus Under the Hood' details Bangladesh Bank SWIFT heist