Category | Details |
---|---|
Threat Actors | • North Korean cyber actors tracked as TraderTraitor (also known as Jade Sleet, UNC4899, and Slow Pisces). |
Campaign Overview | • $308 million cryptocurrency theft attributed to North Korean cyber activity targeting DMM Bitcoin in May 2024. |
Target Regions (Victims) | • Japan-based cryptocurrency companies and associated individuals. |
Methodology | • Targeted social engineering and job-themed campaigns using lures hosted in GitHub projects, followed by malware deployment (e.g., malicious Python scripts). |
Product Targeted | • Ginco wallet management system, DMM Bitcoin, and associated Web3 infrastructure. |
Malware Reference | • Malicious Python scripts (deployed via GitHub) and the SmallTiger backdoor. |
Tools Used | • GitHub for distribution of malware, CoinJoin Mixing Service for laundering funds, and bridging services (HuiOne Guarantee). |
Vulnerabilities Exploited | • Social engineering, and possibly weaknesses in authentication mechanisms, used to gain unauthorized access. |
TTPs | • Social engineering, impersonation, malware deployment, and session cookie exploitation to manipulate transactions. |
Attribution | • The FBI, the DoD Cyber Crime Center, Japan's National Police Agency (NPA), Chainalysis, and the AhnLab Security Intelligence Center (ASEC) attributed the activity to North Korean cyber actors. |
Recommendations | • Strengthen security measures, apply multi-factor authentication (MFA), conduct regular cybersecurity training, and stay vigilant against social engineering tactics. |
Source | The Hacker News |

Read full article: https://thehackernews.com/2024/12/north-korean-hackers-pull-off-308m.html

The above summary has been generated by an AI language model.