
North Korean Hackers Pull Off $308M Bitcoin Heist from Crypto Firm DMM Bitcoin

Category • Details
Threat Actors • North Korean cyber actors (tracked as TraderTraitor, Jade Sleet, UNC4899, and Slow Pisces).
Campaign Overview • $308 million cryptocurrency theft from DMM Bitcoin in May 2024, attributed to North Korean cyber activity.
Target Regions (Victims) • Japan-based cryptocurrency companies and associated individuals.
Methodology • Targeted social engineering and job-themed campaigns, with lures delivered through GitHub projects, followed by malware deployment (e.g., malicious Python scripts).
Product Targeted • Ginco wallet management system, DMM Bitcoin, and associated Web3 infrastructure.
Malware Reference • Malicious Python scripts (delivered via GitHub) and the SmallTiger backdoor.
Tools Used • GitHub for malware distribution, a CoinJoin mixing service for laundering funds, and bridging services (HuiOne Guarantee).
Vulnerabilities Exploited • Social engineering and possibly authentication mechanisms to gain unauthorized access.
TTPs • Social engineering, impersonation, malware deployment, and session cookie exploitation to manipulate transactions.
Attribution • The FBI, DoD Cyber Crime Center, NPA of Japan, Chainalysis, and AhnLab Security Intelligence Center (ASEC) attributed the theft to North Korean cyber activity.
Recommendations • Strengthen security measures, apply multi-factor authentication (MFA), conduct regular cybersecurity training, and stay vigilant against social engineering tactics.
Source • The Hacker News

Read full article: https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html

The above summary has been generated by an AI language model


Source: TheHackersNews

Published on: December 25, 2024
