Threat Intelligence, DevOps, Phishing

Over $12M stolen in North Korean crypto heist against web developers


North Korean threat operation HexagonalRodent, which is associated with the state-backed Famous Chollima, has exfiltrated up to $12 million worth of cryptocurrency from Web3 developers between January and March, according to The Record, a news site by cybersecurity firm Recorded Future.

Attacks with the BeaverTail, InvisibleFerret, and OtterCookie payloads have enabled the compromise of 26,584 cryptocurrency wallets across 2,726 systems, a report from Expel revealed. HexagonalRodent posed as fake companies on LinkedIn to make lucrative job offers to web developers, who were then urged to download a coding assessment tool that delivered credential-stealing malware. Such findings highlight the multiple cryptocurrency theft techniques employed by North Korean hackers.

"With so many software engineers out of work, and so few job opportunities available, it makes it all the more easier for North Korean state-sponsored hackers to ensnare targets. With developers applying to hundreds or thousands of jobs without receiving a call back, they're likely to have their guard down when that one job offer finally comes in," said Expel researcher Marcus Hutchins.
