By hacking crypto exchanges, the North Korean state seeks to fund its banned nuclear weapons and ballistic missile programs, says cybersecurity researcher Michael Barnhart.
The groups responsible for these attacks on cryptocurrencies such as Bitcoin, which are moved quickly between wallets to avoid detection, are known as CryptoCore and TraderTraitor.
TraderTraitor, also known as Jade Sleet, Slow Pisces, and UNC4899, has targeted both individuals and firms in the web3 space using phishing attacks and has also been linked to attempts to steal 1bnfromtheCentralBankofBangladeshin2016andtheFebruary2024heistof308m from Japanese firm DMM.
Furthermore, the group has been linked to attacks on the software supply chains of firms such as JumpCloud in June 2023.
The group often uses fake personas and stolen accounts to infect targets with malware.
Barnhart suggests that the group may work alongside North Korean IT workers who have been deployed around the world to earn wages for the regime.
