Daniel Gordon

Daniel Gordon has over a decade of experience hunting, researching, tracking, and stopping North Korean hacking groups across both the public and private sectors. He has a bunch of degrees and certifications, has published blogs for DarkReading, War on the Rocks, and Risky.biz, and has given talks on North Korean hacking at SleuthCon and FTSCon.


Sessions

02-16
11:30
20min
When the AppleJeus GitHub is Worth The Squeeze
Daniel Gordon

AppleJeus, also known as Citrine Sleet, Gleaming Pisces, and Smooth Operator, is the North Korean hacker behind the Radiant Capital heist among others. This is the story of finding a previously undiscovered AppleJeus campaign targeting fintech. This talk will also give some background on North Korean hacking groups, show simple pivoting for analysts, and give recommendations to help protect your organization from North Korean threat actors.

Lessons Learned
Auditorium
02-17
13:45
20min
TraderTraitor: A Real Bad MATA
Daniel Gordon

TraderTraitor, also known as Jade Sleet, Slow Pisces, UNC4899, and Dark River, is the North Korean threat actor behind major cryptocurrency heists from Bybit, DMM, WazirX, CoinsPaid, Alphapo, Atomic Wallet, Horizon Bridge, Ronin Bridge, and many others. This presentation is a deep dive into TraderTraitor and will cover how they compromise their victims, how defenders and security teams can track TraderTraitor, and measures that organizations can take to protect themselves from being the next Bybit. This presentation will have non-public details about TraderTraitor activity.

Lessons Learned
Auditorium