Lazarus Group blamed for $11M BitoPro hack
North Korean hacking collective Lazarus Group was accused by Taiwan-based cryptocurrency exchange BitoPro of having perpetrated an $11 million cryptocurrency heist earlier last month, BleepingComputer reports.
BitoPro said its investigation found that the intrusion began with the successful social engineering compromise of an employee handling cloud operations, which led to AWS session token takeovers, the hijacking of cloud infrastructure, and the delivery of crypto-stealing malware. On discovering the attack, the exchange immediately rotated its cryptographic keys and deactivated the hot wallet system. "The attack methodology bears resemblance to patterns observed in multiple past international major incidents, including illicit transfers from global bank SWIFT systems and asset theft incidents from major international cryptocurrency exchanges," BitoPro added. The incident comes amid a spate of Lazarus Group attacks against decentralized finance and cryptocurrency entities, including the theft of $1.5 billion from cryptocurrency exchange firm Bybit, which is the largest cryptocurrency heist so far.