KP

TA444

High Confidence • High Threat

APT38 • Jade Sleet • TraderTraitor • UNC4899

TA444 is a North Korean threat actor focused on cryptocurrency theft and financial cybercrime. The group employs sophisticated social engineering tactics, often impersonating recruiters, venture capitalists, or cryptocurrency professionals to target individuals in the blockchain and DeFi space. TA444's operations support North Korea's efforts to circumvent international sanctions and fund state programs through illicit cyber activities.

Origin: North Korea
Sponsor: RGB (Reconnaissance General Bureau)
Active: 2017 - Present
Victims: 50+ organizations
Advanced
Active
Financial Gain
Risk Assessment

Composite Risk Score: 81 (High Risk)
ARCS Compliance: 82
Escalation Risk: 80
Grievance Index: 85
Infrastructure Impact: 75

History & Evolution

TA444 is a North Korean threat actor focused on cryptocurrency theft and financial cybercrime. The group employs sophisticated social engineering tactics, often impersonating recruiters, venture capitalists, or cryptocurrency professionals to target individuals in the blockchain and DeFi space. TA444's operations support North Korea's efforts to circumvent international sanctions and fund state programs through illicit cyber activities.

Targeting

Target Sectors

Cryptocurrency • Blockchain • Technology • Financial Services

Target Regions

Global • United States • Europe • Asia

Attribution & Affiliations

Attributed to RGB (Reconnaissance General Bureau) (North Korea). Attribution confidence: High.

Intelligence Assessment

Threat Level: High
Targeting: Moderately
Adaptability: Moderately
Persistence: High
Op Tempo: Continuous
Status: Active

Future Outlook

TA444 is expected to continue operations targeting the cryptocurrency sector.

Timeline of Key Events

2017 (Major): First observed activity of TA444

2024 (Moderate): Continued active operations