crypto.news 2024-12-09 08:45:46

DPRK-linked hackers social engineered $50m Radiant Capital exploit: report

A new postmortem report from Radiant Capital claims a North Korean state-backed hacker was behind the $50 million exploit of the protocol. The attacker impersonated a “trusted former contractor” of Radiant Capital to deploy malware via a “zipped PDF” file shared across the messaging platform Telegram, the report noted, citing findings by cybersecurity firm Mandiant. According to Radiant Capital, the file originated from a “DPRK-aligned threat actor” believed to be UNC4736, also referred to as Citrine Sleet, and the masterminds behind the AppleJeus malware . Leveraging the contractor’s prior relationship with Radiant’s team, the attacker crafted a convincing ruse by spoofing the contractor’s legitimate domain and sending a Telegram message requesting feedback on a supposed new project related to smart contract auditing. “Requests to review PDFs are routine in professional settings — lawyers, smart contract auditors, and partners frequently share documents in this format,“ the report noted, adding that the message did not raise any suspicions and, as a result, was shared with other developers for feedback. The zip file, which appeared to be an after-incident report of the Penpie exploit, actually contained the INLETDRIFT malware, which created a macOS backdoor that allowed the threat actor to compromise the hardware wallets of at least three Radiant developers. You might also like: Radiant Capital hacker moves $52M worth of crypto funds into Ethereum During the Oct. 16 attack, the malware manipulated the front-end interface of Safe{Wallet} (formerly known as Gnosis Safe), displaying legitimate transaction data to the developers while the malicious transactions were executed in the background. Radiant noted that despite strict adherence to best practices like Tenderly simulations, payload verification, and industry-standard SOPs, the attackers managed to compromise multiple developer devices. “Mandiant assesses with high-confidence that this attack is attributable to a Democratic People’s Republic of Korea (DPRK)-nexus threat actor,” the report added. North Korean hackers stole billions in crypto UNC4736 is believed to have ties with the Democratic People’s Republic of Korea’s Reconnaissance General Bureau and has been known to target cryptocurrency-focused firms. As previously reported by crypto.news, earlier this year, the group targeted crypto financial institutions by exploiting a zero-day vulnerability in the Chromium browser to bypass browser security and execute malicious code within the browser’s sandbox. In September, the Federal Bureau of Investigation warned of the increasingly complex tactics used by North Korean hackers, noting they had taken an interest in targeting individuals linked to crypto exchange-traded funds. A more recent report from researchers at the Cyberwarcon Cybersecurity conference found that North Korean hackers managed to siphon over $10 million in just six months by infiltrating prominent companies as IT workers and other employees. The roughly $3 billion stolen from the crypto sector by these state-backed hacking groups between 2017 and 2023 is allegedly used to finance North Korea’s nuclear weapons program. Read more: Post-mortem reveals stealthy malware injection led to $50m Radiant Capital exploit

Прочтите Отказ от ответственности : Весь контент, представленный на нашем сайте, гиперссылки, связанные приложения, форумы, блоги, учетные записи социальных сетей и другие платформы («Сайт») предназначен только для вашей общей информации, приобретенной у сторонних источников. Мы не предоставляем никаких гарантий в отношении нашего контента, включая, но не ограничиваясь, точность и обновление. Никакая часть содержания, которое мы предоставляем, представляет собой финансовый совет, юридическую консультацию или любую другую форму совета, предназначенную для вашей конкретной опоры для любых целей. Любое использование или доверие к нашему контенту осуществляется исключительно на свой страх и риск. Вы должны провести собственное исследование, просмотреть, проанализировать и проверить наш контент, прежде чем полагаться на них. Торговля - очень рискованная деятельность, которая может привести к серьезным потерям, поэтому проконсультируйтесь с вашим финансовым консультантом, прежде чем принимать какие-либо решения. Никакое содержание на нашем Сайте не предназначено для запроса или предложения