crypto.news 2024-12-09 08:45:46

DPRK-linked hackers social engineered $50m Radiant Capital exploit: report

A new postmortem report from Radiant Capital claims a North Korean state-backed hacker was behind the $50 million exploit of the protocol. The attacker impersonated a “trusted former contractor” of Radiant Capital to deploy malware via a “zipped PDF” file shared over the messaging platform Telegram, the report noted, citing findings by the cybersecurity firm Mandiant.

According to Radiant Capital, the file originated from a “DPRK-aligned threat actor” believed to be UNC4736, also referred to as Citrine Sleet, the group behind the AppleJeus malware. Leveraging the contractor’s prior relationship with Radiant’s team, the attacker crafted a convincing ruse by spoofing the contractor’s legitimate domain and sending a Telegram message requesting feedback on a supposed new project related to smart contract auditing.

“Requests to review PDFs are routine in professional settings — lawyers, smart contract auditors, and partners frequently share documents in this format,” the report noted, adding that the message did not raise any suspicions and, as a result, was forwarded to other developers for feedback.

The zip file, which appeared to be an after-incident report on the Penpie exploit, actually contained the INLETDRIFT malware, which installed a macOS backdoor. Through that backdoor the threat actor compromised the devices of at least three Radiant developers, and with them the transactions their hardware wallets were asked to sign.

During the Oct. 16 attack, the malware manipulated the front-end interface of Safe{Wallet} (formerly known as Gnosis Safe), displaying legitimate transaction data to the developers while the malicious transactions were executed in the background. Radiant noted that despite strict adherence to best practices like Tenderly simulations, payload verification, and industry-standard SOPs, the attackers managed to compromise multiple developer devices.
“Mandiant assesses with high confidence that this attack is attributable to a Democratic People’s Republic of Korea (DPRK)-nexus threat actor,” the report added.

North Korean hackers stole billions in crypto

UNC4736 is believed to have ties to the Democratic People’s Republic of Korea’s Reconnaissance General Bureau and has been known to target cryptocurrency-focused firms. As previously reported by crypto.news, earlier this year the group targeted crypto financial institutions by exploiting a zero-day vulnerability in the Chromium browser to gain code execution inside the browser’s sandboxed renderer process.

In September, the Federal Bureau of Investigation warned of the increasingly complex tactics used by North Korean hackers, noting they had taken an interest in targeting individuals linked to crypto exchange-traded funds. A more recent report from researchers presenting at the Cyberwarcon cybersecurity conference found that North Korean hackers managed to siphon over $10 million in just six months by infiltrating prominent companies as IT workers and other employees.

The roughly $3 billion stolen from the crypto sector by these state-backed hacking groups between 2017 and 2023 is allegedly used to finance North Korea’s nuclear weapons program.

Read the disclaimer: All content provided on this website, hyperlinked sites, associated applications, forums, blogs, social media accounts and other platforms (the "Site") is for general information purposes only and is sourced from third parties. We make no warranties of any kind in relation to our content, including but not limited to accuracy and currency. No part of the content we provide constitutes financial advice, legal advice or any other form of advice intended for your specific reliance for any purpose. Any use of or reliance on our content is solely at your own risk and discretion. You should conduct your own research, and review, analyse and verify our content before relying on it. Trading is a highly risky activity that can lead to major losses, so please consult your financial advisor before making any decision. No content on this Site is intended as a solicitation or an offer.