CCT - Crypto Currency Tracker logo CCT - Crypto Currency Tracker logo
crypto.news 2024-12-09 08:45:46

DPRK-linked hackers social engineered $50m Radiant Capital exploit: report

A new postmortem report from Radiant Capital claims a North Korean state-backed hacker was behind the $50 million exploit of the protocol. The attacker impersonated a “trusted former contractor” of Radiant Capital to deploy malware via a “zipped PDF” file shared across the messaging platform Telegram, the report noted, citing findings by cybersecurity firm Mandiant. According to Radiant Capital, the file originated from a “DPRK-aligned threat actor” believed to be UNC4736, also referred to as Citrine Sleet, and the masterminds behind the AppleJeus malware . Leveraging the contractor’s prior relationship with Radiant’s team, the attacker crafted a convincing ruse by spoofing the contractor’s legitimate domain and sending a Telegram message requesting feedback on a supposed new project related to smart contract auditing. “Requests to review PDFs are routine in professional settings — lawyers, smart contract auditors, and partners frequently share documents in this format,“ the report noted, adding that the message did not raise any suspicions and, as a result, was shared with other developers for feedback. The zip file, which appeared to be an after-incident report of the Penpie exploit, actually contained the INLETDRIFT malware, which created a macOS backdoor that allowed the threat actor to compromise the hardware wallets of at least three Radiant developers. You might also like: Radiant Capital hacker moves $52M worth of crypto funds into Ethereum During the Oct. 16 attack, the malware manipulated the front-end interface of Safe{Wallet} (formerly known as Gnosis Safe), displaying legitimate transaction data to the developers while the malicious transactions were executed in the background. Radiant noted that despite strict adherence to best practices like Tenderly simulations, payload verification, and industry-standard SOPs, the attackers managed to compromise multiple developer devices. “Mandiant assesses with high-confidence that this attack is attributable to a Democratic People’s Republic of Korea (DPRK)-nexus threat actor,” the report added. North Korean hackers stole billions in crypto UNC4736 is believed to have ties with the Democratic People’s Republic of Korea’s Reconnaissance General Bureau and has been known to target cryptocurrency-focused firms. As previously reported by crypto.news, earlier this year, the group targeted crypto financial institutions by exploiting a zero-day vulnerability in the Chromium browser to bypass browser security and execute malicious code within the browser’s sandbox. In September, the Federal Bureau of Investigation warned of the increasingly complex tactics used by North Korean hackers, noting they had taken an interest in targeting individuals linked to crypto exchange-traded funds. A more recent report from researchers at the Cyberwarcon Cybersecurity conference found that North Korean hackers managed to siphon over $10 million in just six months by infiltrating prominent companies as IT workers and other employees. The roughly $3 billion stolen from the crypto sector by these state-backed hacking groups between 2017 and 2023 is allegedly used to finance North Korea’s nuclear weapons program. Read more: Post-mortem reveals stealthy malware injection led to $50m Radiant Capital exploit

阅读免责声明 : 此处提供的所有内容我们的网站,超链接网站,相关应用程序,论坛,博客,社交媒体帐户和其他平台(“网站”)仅供您提供一般信息,从第三方采购。 我们不对与我们的内容有任何形式的保证,包括但不限于准确性和更新性。 我们提供的内容中没有任何内容构成财务建议,法律建议或任何其他形式的建议,以满足您对任何目的的特定依赖。 任何使用或依赖我们的内容完全由您自行承担风险和自由裁量权。 在依赖它们之前,您应该进行自己的研究,审查,分析和验证我们的内容。 交易是一项高风险的活动,可能导致重大损失,因此请在做出任何决定之前咨询您的财务顾问。 我们网站上的任何内容均不构成招揽或要约