Category | Details |
---|---|
Threat Actors | AppleJeus (aka Citrine Sleet); linked to North Korea’s Reconnaissance General Bureau (RGB). |
Campaign Overview | $50M heist from Radiant Capital through malware-laced PDFs targeting developers; attackers exploited seamless deception and sophisticated techniques to execute the theft. |
Target Regions (or Victims) | Radiant Capital (crypto platform), cryptocurrency and fintech industries globally. |
Methodology | Social engineering via Telegram; phishing with a ZIP file containing a malicious PDF; exploiting macOS systems through a backdoor (INLETDRIFT). |
Product Targeted | Cryptocurrency platforms, decentralized finance (DeFi) systems, macOS devices. |
Malware Reference | INLETDRIFT (macOS backdoor), AppleJeus malware. |
Tools Used | Malicious PDFs, phishing links, INLETDRIFT backdoor, exploit kits targeting Chromium browser (zero-day vulnerability). |
Vulnerabilities Exploited | Chromium zero-day (targeting crypto industry in August 2024); manipulation of benign-looking front-end transaction data to execute malicious transactions in the background. |
TTPs | Social engineering via Telegram, phishing campaigns, macOS malware, zero-day exploits, sophisticated obfuscation and trace removal, targeting cryptocurrency platforms for theft. |
Attribution | Attributed to North Korea’s RGB; supported by reports from U.S. officials, Microsoft, Google, and United Nations investigations. |
Recommendations | Robust device-level transparency, enhanced security protocols for transaction validation, ongoing monitoring for malware activity, industry collaboration to track threat actors. |
Source | The Record |
Read full article: https://therecord.media/radiant-capital-heist-north-korea
The above summary has been generated by an AI language model