SYMBOLCOMMON_NAMEaka. SYNONYMS

TraderTraitor  (Back to overview)

aka: Jade Sleet, Pukchong, UNC4899

TraderTraitor targets blockchain companies through spear-phishing messages. The group sends these messages to employees, particularly those in system administration or software development roles, on various communication platforms, intended to gain access to these start-up and high-tech companies. TraderTraitor may be the work of operators previously responsible for APT38 activity.

Associated Families
py.rn_stealer
References
2025-04-14Palo Alto Networks Unit 42Prashil Pattni
Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware
RN Stealer
2024-06-12GoogleGoogle Threat Analysis Group, Mandiant
Insights on Cyber Threats Targeting Users and Enterprises in Brazil
TraderTraitor
2023-10-10MandiantAdrian Hernandez, Austin Larsen, JEFF JOHNSON, Michael Barnhart, Michelle Cantos, Taylor Long
Assessed Cyber Structure and Alignments of North Korea in 2023
TraderTraitor
2023-07-24MandiantAustin Larsen, Dan Kelly, Joseph Pisano, Mark Golembiewski, Matt Williams, Paige Godvin
North Korea Leverages SaaS Provider in a Targeted Supply Chain Attack
FULLHOUSE STRATOFEAR TraderTraitor
2022-04-20CISACISA
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies
Bankshot TraderTraitor
Credits: MISP Project