TraderTraitor Hacks Cloud to Steal Billions in Crypto

A North Korean hacking unit known as TraderTraitor has intensified its focus on cryptocurrency firms by breaching cloud platforms and poisoning supply chains, according to new findings. TraderTraitor compromises cloud environments by leveraging trojanized applications and social engineering, often targeting developers with fake job offers on LinkedIn or Telegram.

Since 2020, the group has executed billion-dollar heists, including a $1.5 billion breach at Bybit and a $308 million theft from DMM Bitcoin. In the Bybit attack, hackers used stolen AWS tokens to inject malware into cloud-based infrastructure. In another case, they compromised JumpCloud to distribute malicious updates to downstream crypto clients. The group also exploits trusted software repositories like GitHub and npm to spread its payloads.

The group employs malware like RN Loader and RN Stealer to collect SSH keys and cloud credentials. For the full analysis of the TraderTraitor campaign, read the complete article at:

Lazarus Subgroup ‘TraderTraitor’ Attacking Cloud Platforms and Poisoning Supply Chains
