date 2024-12-26

Threat Intelligence, Phishing

Suspected Lazarus subgroup behind DMM crypto heist


U.S. and Japanese officials have attributed the massive $308 million cryptocurrency heist against Japanese cryptocurrency exchange DMM Bitcoin in May to North Korean threat operation TraderTraitor, which is believed to be a subgroup of the Lazarus hacking collective, according to SiliconAngle.

According to a joint statement from the FBI, Department of Defense Cyber Crime Center, and Japan's National Police Agency, a threat actor impersonating a LinkedIn recruiter ran a successful social engineering attack against an employee of Japanese enterprise wallet software firm Ginco, compromising the firm's wallet management system. Nearly two months later, TraderTraitor used obtained session cookies to impersonate the employee and breached Ginco's unencrypted communications system. TraderTraitor then leveraged that access to interfere with a DMM employee transaction request and facilitate the exfiltration of currency to the North Korean government, officials said.

The attribution comes months after Indian cryptocurrency exchange and trading platform WazirX was reported to have lost $234.9 million worth of cryptocurrency in a Lazarus attack.
