DPRK-linked hackers social-engineered $50m Radiant Capital exploit: report

North Korean state-backed hackers continue to target the crypto sector with sophistication and impunity. The attack on Radiant Capital is the latest reminder of how far their tactics for infiltrating systems and stealing cryptocurrency have evolved.

A post-mortem report published by Radiant Capital attributes the $50 million theft from the protocol to a threat actor believed to be backed by the North Korean government.

According to the report, which draws on an investigation by the cybersecurity firm Mandiant, the attacker posed as a “trusted former contractor” of Radiant Capital and delivered malware through a zipped file, presented as a PDF, sent over the Telegram messaging platform.

Radiant Capital says the file appears to have originated from a North Korea-linked threat group tracked as UNC4736, also known as Citrine Sleet. The group is also known for developing and operating the AppleJeus malware.

Drawing on the contractor’s previous relationship with Radiant’s team, the attacker built a plausible pretext: a Telegram message, backed by a spoof of the contractor’s genuine email address, asking for feedback on a supposed new project involving smart contract auditing.

Exchanging PDFs for review is routine among lawyers, smart contract auditors and business partners, so the message raised no suspicion and was forwarded to other team members for their input.

The seemingly harmless archive, presented as a post-mortem report on the Penpie exploit, in fact carried the INLETDRIFT malware. Once run, it opened a backdoor into the affected Mac systems, which ultimately let the attacker compromise the hardware wallets of at least three Radiant developers.
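The lure described above is an archive that presents itself as a PDF but unpacks to a macOS executable. The following script is an added example, not code from Radiant’s post-mortem or from Mandiant: it lists the members of a zip archive and flags the traits such a lure typically shows (an .app bundle, a double extension like “report.pdf.app”, a Mach-O header, an entry named .pdf that lacks the %PDF header, and executable permission bits). The two archives it inspects are constructed in memory with made-up names and bytes; no real malware is involved.

```python
"""Triage an archive that is presented as a PDF before anyone opens it.

Added example (not from Radiant's report or Mandiant). Flags the traits of a
macOS lure inside a zip: .app bundles, double extensions such as
"report.pdf.app", Mach-O headers, .pdf entries without a %PDF header, and
executable permission bits. Both sample archives are constructed below.
"""
import io
import zipfile

MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",   # 32-bit Mach-O, big/little endian
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",   # 64-bit Mach-O
    b"\xca\xfe\xba\xbe",                        # universal (fat) binary
}
DOC_EXTENSIONS = {"pdf", "doc", "docx", "txt", "xls", "xlsx"}
EXEC_EXTENSIONS = (".app", ".command", ".sh", ".dmg", ".pkg", ".scpt", ".jar", ".py")


def inspect_entry(name: str, head: bytes, external_attr: int) -> list:
    """Return 'kind: name' findings for one archive member."""
    findings = []
    segments = name.lower().strip("/").split("/")
    base = segments[-1]
    for seg in segments:
        parts = seg.split(".")
        # "report.pdf.app": Finder shows a document-like name, but it is an application bundle
        if len(parts) > 2 and parts[-2] in DOC_EXTENSIONS:
            findings.append(f"double-extension: {name}")
            break
    if any(seg.endswith(".app") for seg in segments):
        findings.append(f"app-bundle: {name}")
    if base.endswith(EXEC_EXTENSIONS):
        findings.append(f"executable-extension: {name}")
    if head[:4] in MACHO_MAGICS:
        findings.append(f"mach-o: {name}")
    if base.endswith(".pdf") and not head.startswith(b"%PDF-"):
        findings.append(f"fake-pdf: {name}")
    if (external_attr >> 16) & 0o111:          # Unix mode bits live in the high 16 bits
        findings.append(f"exec-bit: {name}")
    return findings


def inspect_zip(data: bytes) -> list:
    """Inspect every file member of a zip held in memory; an empty list means nothing suspicious."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)
            findings.extend(inspect_entry(info.filename, head, info.external_attr))
    return findings


def build_zip(entries) -> bytes:
    """entries: (name, content, unix_mode). Used only to construct the sample archives."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content, mode in entries:
            zi = zipfile.ZipInfo(name)
            zi.external_attr = mode << 16
            zf.writestr(zi, content)
    return buf.getvalue()


# Constructed sample: a genuine-looking audit scope document.
BENIGN_ZIP = build_zip([("audit_scope.pdf", b"%PDF-1.7\n%constructed sample\n", 0o100644)])

# Constructed sample of the lure pattern: a folder named like a PDF that is really a macOS
# application bundle wrapping a Mach-O executable. Names and bytes are made up.
LURE_ZIP = build_zip([
    ("Exploit_Postmortem.pdf.app/Contents/Info.plist", b"<plist/>", 0o100644),
    ("Exploit_Postmortem.pdf.app/Contents/MacOS/Exploit_Postmortem",
     b"\xcf\xfa\xed\xfe" + b"\x00" * 28, 0o100755),
])

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN_ZIP), ("lure", LURE_ZIP)):
        print(label, inspect_zip(blob) or "no findings")
```

Run on a real archive by reading the file into `inspect_zip`; the point is to look at members and headers before extraction, since Finder will happily show a bundle named `*.pdf.app` with a document-like name.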

On October 16, the malware covertly manipulated the Safe{Wallet} user interface so that the developers saw what appeared to be legitimate transaction details while malicious transactions were being signed in the background.

The developers’ devices were compromised even though the team followed rigorous practices, including Tenderly simulations, payload checks and industry-standard operating procedures.
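A spoofed front end defeats any check that trusts what the screen shows, so the payload check has to start from the raw transaction the hardware wallet is asked to sign. The script below is an added example, not code from Radiant, Safe or Mandiant: it decodes the 4-byte function selector of the calldata with a self-contained Keccak-256 and compares target address, selector, native value and operation type (call vs. delegatecall) against a hypothetical allowlist the signers keep outside the wallet UI. The contract addresses, function names and the three payloads are constructed for the demonstration and do not describe what Radiant’s attackers actually submitted.

```python
"""Pre-signing payload check, independent of any wallet front end.

Added example (not code from Radiant, Safe or Mandiant). Decodes the 4-byte
selector of a transaction's calldata with a self-contained Keccak-256 and
checks target, selector, value and operation against a hypothetical
allowlist maintained out of band. Addresses, function names and payloads
below are constructed for the demonstration.
"""

MASK = (1 << 64) - 1
RC = [0x0000000000000001, 0x0000000000008082, 0x800000000000808A, 0x8000000080008000,
      0x000000000000808B, 0x0000000080000001, 0x8000000080008081, 0x8000000000008009,
      0x000000000000008A, 0x0000000000000088, 0x0000000080008009, 0x000000008000000A,
      0x000000008000808B, 0x800000000000008B, 0x8000000000008089, 0x8000000000008003,
      0x8000000000008002, 0x8000000000000080, 0x000000000000800A, 0x800000008000000A,
      0x8000000080008081, 0x8000000000008080, 0x0000000080000001, 0x8000000080008008]
# Rotation offsets indexed [x][y] for lane (x, y) of the 5x5 state.
ROT = [[0, 36, 3, 41, 18], [1, 44, 10, 45, 2], [62, 6, 43, 15, 61],
       [28, 55, 25, 21, 56], [27, 20, 39, 8, 14]]


def _rol(v, n):
    return ((v << n) | (v >> (64 - n))) & MASK


def _keccak_f(s):
    """Keccak-f[1600] on 25 little-endian 64-bit lanes, lane (x, y) at index x + 5*y."""
    for rc in RC:
        c = [s[x] ^ s[x + 5] ^ s[x + 10] ^ s[x + 15] ^ s[x + 20] for x in range(5)]
        d = [c[(x - 1) % 5] ^ _rol(c[(x + 1) % 5], 1) for x in range(5)]
        s = [s[i] ^ d[i % 5] for i in range(25)]                      # theta
        b = [0] * 25
        for x in range(5):
            for y in range(5):
                b[y + 5 * ((2 * x + 3 * y) % 5)] = _rol(s[x + 5 * y], ROT[x][y])  # rho + pi
        s = [b[i] ^ (~b[(i + 1) % 5 + 5 * (i // 5)] & b[(i + 2) % 5 + 5 * (i // 5)])
             for i in range(25)]                                      # chi
        s[0] ^= rc                                                    # iota
    return s


def keccak256(msg: bytes) -> bytes:
    """Original Keccak-256 (0x01 padding, as used by Ethereum), not SHA3-256."""
    rate = 136
    padded = bytearray(msg) + b"\x01"
    while len(padded) % rate:
        padded.append(0)
    padded[-1] |= 0x80
    s = [0] * 25
    for off in range(0, len(padded), rate):
        for i in range(rate // 8):
            s[i] ^= int.from_bytes(padded[off + 8 * i:off + 8 * i + 8], "little")
        s = _keccak_f(s)
    return b"".join(s[i].to_bytes(8, "little") for i in range(4))


def selector(signature: str) -> bytes:
    """First 4 bytes of keccak256 of the canonical function signature."""
    return keccak256(signature.encode())[:4]


def encode_call(signature: str, *args) -> str:
    """ABI-encode static arguments (ints or 0x-prefixed addresses) as 32-byte words."""
    words = [a.to_bytes(32, "big") if isinstance(a, int) else bytes.fromhex(a[2:]).rjust(32, b"\0")
             for a in args]
    return "0x" + (selector(signature) + b"".join(words)).hex()


CALL, DELEGATECALL = 0, 1
POOL = "0x" + "11" * 20          # hypothetical lending pool address
ASSET = "0x" + "22" * 20         # hypothetical token address
OUTSIDER = "0x" + "33" * 20      # hypothetical address that must never gain control

# Hypothetical allowlist: the calls the signers actually intend, kept outside the wallet UI.
ALLOWED = {POOL: {selector("setReserveFactor(address,uint256)")}}


def check_payload(tx: dict) -> list:
    """Return human-readable problems; an empty list means the payload matches intent."""
    problems = []
    if tx["operation"] != CALL:
        problems.append("operation is DELEGATECALL, which executes foreign code in the Safe's context")
    if tx["value"] != 0:
        problems.append(f"unexpected native value {tx['value']}")
    data = bytes.fromhex(tx["data"][2:])
    to = tx["to"].lower()
    if to not in ALLOWED:
        problems.append(f"target {tx['to']} is not an approved contract")
    elif data[:4] not in ALLOWED[to]:
        problems.append(f"selector 0x{data[:4].hex()} is not an approved function on {tx['to']}")
    return problems


# Constructed payloads: what the team meant to sign vs. what a tampered front end could substitute.
INTENDED = {"to": POOL, "value": 0, "operation": CALL,
            "data": encode_call("setReserveFactor(address,uint256)", ASSET, 1000)}
TAMPERED = dict(INTENDED, data=encode_call("transferOwnership(address)", OUTSIDER))
DELEGATED = dict(INTENDED, operation=DELEGATECALL)

if __name__ == "__main__":
    for label, tx in (("intended", INTENDED), ("tampered", TAMPERED), ("delegated", DELEGATED)):
        print(label, check_payload(tx) or "ok")
```

The check runs on the `to`, `value`, `data` and `operation` fields exactly as they are handed to the signer, which is what a hardware wallet actually signs over; anything rendered by a browser-based front end is treated as untrusted. A simulation such as Tenderly’s is still useful, but only if it is fed the same raw fields rather than whatever the UI displays.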

Citing Mandiant’s assessment, the report states with high confidence that the attack can be attributed to a North Korea-linked group.

North Korean hackers stole billions in crypto

UNC4736 is suspected of being linked to North Korea’s Reconnaissance General Bureau, the country’s main intelligence agency, and is known for focusing its attacks on cryptocurrency businesses.

As crypto.news reported earlier this year, the group compromised cryptocurrency financial organizations using a zero-day vulnerability in the Chromium browser engine, bypassing the browser’s protections to run malicious code inside its sandboxed environment.

In September, the FBI warned of increasingly sophisticated social-engineering campaigns by North Korean hacker groups, now aimed at people working at firms associated with cryptocurrency exchange-traded funds.

More recently, research presented at the Cyberwarcon security conference found that North Korean hackers stole roughly $10 million over six months by posing as IT workers or ordinary employees at prominent organizations and infiltrating their systems.

Between 2017 and 2023, state-backed hacker groups are believed to have taken roughly $3 billion from the cryptocurrency industry, proceeds suspected of funding North Korea’s nuclear weapons program.

2024-12-09 11:51