1/ Today the FBI identified the North Korean hacker group Lazarus Group and APT38 as the Horizon Bridge attackers, with the hacker group using malware called 'TraderTraitor' to carry out the attack.
1/and laundered over $60 million in stolen Ether through a privacy protocol called Railgun. What are "TraderTraitor" and Railgun? @evilcos
2/ 'TraderTraitor' is Lazarus' malware that targets the cryptocurrency industry and blockchain technology primarily by luring employees of cryptocurrency-related platforms to download it. 
2/Messages are sent to people working in IT operations, software creation and system administration in cryptocurrency organisations to offer well paid jobs using social engineering placements on various media social platforms, supporting macOS and Windows operating systems.
3/When employees are duped, 'TraderTraitor' will disguise itself as software for various cryptocurrency platforms and allow employees to download them, such as this platform.
4/ Regarding the technical details of TraderTraitor, CISA has a detailed analysis for those who are interested.
In it, CISA reveals that the domain name tokenais[.] com is the same as the domain name of the Lazarus sample we caught dropping the Trojan
@SlowMist_Team
In it, CISA reveals that the domain name tokenais[.] com is the same as the domain name of the Lazarus sample we caught dropping the Trojan
@SlowMist_Team
4/Details disclosed by CISA:
cisa.gov/uscert/ncas/al…
cisa.gov/uscert/ncas/al…
5/ In response to such incidents, SlowMist suggests:
6/Railgun What is it again?
7/Railgun is a privacy and anonymity system built directly on Ether, interacting directly with DEX, lending and smart contract applications.
7/Using zero-knowledge proof to keep users' finances, personal information and behaviour safe, hidden from the public and selectively providing proof of identity or funds to others, in other words your consent is required before anyone can view your information.
8/ It is clear that Railgun's use of zero-knowledge proof allows users to send or trade without revealing any assets, value or identity, facilitating money laundering while providing privacy.
8/The North Korean hacker group Lazarus Group laundered over $60 million in stolen Ether through Railgun's privacy protocol.
9/ Flow after coin wash, SlowMist's @MistTrack_io and
@zachxbt Both have good analysis of:
@zachxbt Both have good analysis of:
https://twitter.com/MistTrack_io/status/1617521823067025408
10/Also thanks to @tayvano_ for the enthusiastic discussions and help in our tracing process.👏
11/Extended Reading
fbi.gov/news/press-rel…
fbi.gov/news/press-rel…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
