Binance Square

NorthKoreaHackers

Moon5labs
--

North Korean Hackers Target Crypto with Nim-Based Malware Disguised as Zoom Updates

🔹 Fake Zoom meeting invites and update links deceive Web3 teams

🔹 New NimDoor malware infiltrates macOS with advanced evasion techniques

🔹 Attackers steal browser data, passwords, and Telegram chats

Web3 and Crypto Companies Under Siege by NimDoor Malware
Security experts at SentinelLabs have uncovered a sophisticated malware campaign targeting Web3 startups and cryptocurrency firms. The attacks, linked to North Korean groups, use a combination of social engineering and technical stealth to deploy NimDoor malware, written in the rarely used Nim programming language to bypass antivirus detection.

The Setup: Fake Zoom Meetings Through Telegram
Hackers initiate contact via Telegram, posing as known contacts. They invite victims to schedule meetings via Calendly, then send them links to what appear to be Zoom software updates. These links lead to fake domains like support.us05web-zoom.cloud, mimicking Zoom's legitimate URLs and hosting malicious installation files.
These files contain thousands of lines of whitespace, making them appear "legitimately large." Hidden within are only three crucial lines of code, which download and execute the real attack payload.

NimDoor Malware: Spyware Specifically Targeting macOS
Once executed, the NimDoor malware operates in two main phases:
🔹 Data extraction – stealing saved passwords, browsing histories, and login credentials from popular browsers like Chrome, Firefox, Brave, Edge, and Arc.

🔹 System persistence – maintaining long-term access through stealth background processes and disguised system files.
A key component specifically targets Telegram, stealing encrypted chat databases and decryption keys, giving attackers access to private conversations offline.

Built to Survive: Evasion and Reinstallation Techniques
NimDoor employs a range of advanced persistence mechanisms:
🔹 Automatically reinstalls itself if users try to terminate or delete it

🔹 Creates hidden files and folders that look like legitimate macOS system components

🔹 Connects to the attacker’s server every 30 seconds for instructions, disguised as normal internet traffic

🔹 Delays execution for 10 minutes to avoid early detection by security software

Difficult to Remove Without Professional Tools
Because of these techniques, NimDoor is extremely hard to remove with standard tools. Specialized security software or professional intervention is often required to clean infected systems completely.

Conclusion: Modern Cyberattacks Now Look Like Calendar Invites
Attacks like NimDoor prove how cleverly North Korean groups mimic daily workflows to penetrate even cautious targets. Fake Zoom links and innocent-looking updates can lead to full system compromise.
Users should never download updates from unofficial sources, always verify domain names, and stay vigilant against unexpected software prompts or invitations.

#CyberSecurity , #NorthKoreaHackers , #Web3Security , #CryptoNews , #Hack

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“
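Added example (not part of the original post and not SentinelLabs' code): a Python triage sketch for the two lure traits the post above describes, a look-alike update domain such as support.us05web-zoom.cloud and a script whose few real lines sit behind thousands of whitespace lines. The allowlist in OFFICIAL_DOMAINS, the 1000-line threshold, the function names and the sample script are assumptions made for illustration.

```python
"""Triage checks for a fake "Zoom update" lure. All sample data is constructed."""
from urllib.parse import urlsplit

# Assumption: the vendor's real domains. Maintain your own allowlist.
OFFICIAL_DOMAINS = ("zoom.us", "zoom.com")
BRAND_TOKEN = "zoom"


def classify_update_url(url: str) -> str:
    """Return 'official', 'lookalike', 'unrelated' or 'invalid' for a link."""
    if "://" not in url:
        url = "https://" + url  # bare host/path pasted from a chat message
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    # Only the right-hand end of the host name decides ownership:
    # 'us05web.zoom.us' belongs to zoom.us, 'us05web-zoom.cloud' does not.
    for domain in OFFICIAL_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return "official"
    # Brand name anywhere else in the authority (including a 'user@' prefix)
    # is the look-alike pattern.
    if BRAND_TOKEN in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


def hidden_after_padding(text: str, min_blank_run: int = 1000) -> list:
    """Return (line_number, content) for every non-blank line that follows
    a run of at least min_blank_run blank or whitespace-only lines."""
    hidden = []
    blank_run = 0
    past_padding = False
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            blank_run += 1
            continue
        if blank_run >= min_blank_run:
            past_padding = True
        blank_run = 0
        if past_padding:
            hidden.append((number, line.strip()))
    return hidden


# Constructed sample: one visible header line, 5000 whitespace-only lines,
# then three placeholder lines standing in for the hidden statements.
SAMPLE_SCRIPT = (
    "-- update helper (constructed header)\n"
    + " \t\n" * 5000
    + "PLACEHOLDER_STATEMENT_1\n"
    + "PLACEHOLDER_STATEMENT_2\n"
    + "PLACEHOLDER_STATEMENT_3\n"
)

# Constructed sample: an ordinary short script with normal spacing.
BENIGN_SCRIPT = "-- tidy script\n\nstep one\n\nstep two\n"


def triage(url: str, script_text: str) -> dict:
    """Combine both checks into one verdict for an analyst."""
    verdict = classify_update_url(url)
    hidden = hidden_after_padding(script_text)
    return {
        "url_verdict": verdict,
        "hidden_lines": hidden,
        "suspicious": verdict != "official" or bool(hidden),
    }


if __name__ == "__main__":
    result = triage("https://support.us05web-zoom.cloud/update", SAMPLE_SCRIPT)
    print(result["url_verdict"], result["suspicious"])
    for number, content in result["hidden_lines"]:
        print(f"line {number}: {content}")
```

Opening a padded file in an editor shows only the header and blank space, so listing the lines that follow the padding, with their line numbers, is what surfaces the part a reviewer would otherwise scroll past.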
🚨 DeFi's fragile balance in the face of North Korean hackers reveals a troubling paradox.

Crypto projects spend fortunes on smart contract audits but completely neglect their basic operational security.

The human factor remains the exploited flaw: poor key management, integration without verification, unencrypted sensitive discussions.

In 2025, North Korean hackers have already targeted 1.5 billion

(Irony: we worry about backdoors in the code but not about the wide-open doors in our processes)

Decentralization demands more rigor, not less.

#CryptoSecurity #NorthKoreaHackers #DeFiRisks
--
Bullish
Bybit Cold Wallet Hack & North Korea's 1.5 Billion ETH Strategic Reserves: A Coincidence or a Master Plan?

In a shocking development that has sent ripples through the cryptocurrency community, Bybit, one of the leading global crypto exchanges, has confirmed a massive hack targeting its cold wallet. The breach reportedly led to the theft of around 1.5 billion ETH, a staggering amount of digital assets, raising eyebrows across the industry. The news of the hack has shaken investor confidence, and security protocols for exchanges are now under intense scrutiny.

Adding another layer of intrigue, just days after the hack, North Korea made headlines by announcing the establishment of 1.5 billion ETH in its own "strategic reserves." While the details are still murky, sources suggest that this is a significant move by the North Korean regime to bolster its cyber capabilities, and some speculate that the two events may be linked.

With North Korea’s well-documented history of cyberattacks and digital asset thefts, the timing of these announcements has sparked speculation about potential involvement in the hack. The fact that both incidents revolve around 1.5 billion ETH has left many wondering: Is it a mere coincidence, or is there a larger geopolitical strategy at play?

Experts are divided on the issue. Some believe the breach could be the work of highly skilled hackers with access to sophisticated tools, possibly state-sponsored. Others think that North Korea’s announcement might be a propaganda play, leveraging the hack to highlight its growing influence in the digital currency space.

The situation remains fluid, but one thing is clear: as crypto evolves, the intersection of national security, cybersecurity, and digital currencies becomes increasingly complex. Investors and regulators alike will be watching closely to see how this saga unfolds.

#BybitSecurityBreach #NorthKoreaHackers #ETH $ETH $BTC $XRP
South Korea sanctions 15 North Koreans for cryptocurrency theft and cyber theft
The sanctioned agents are accused of generating funds for North Korea's nuclear weapons development program.
North Korean hackers are being pursued by governments around the world, which blame them for more than half of the value of cryptocurrency stolen in 2024.
#NorthKoreaHackers
🌐💰 Even North Korea was not spared from crypto's traps! 💸🐸

In a mysterious move, North Korean hackers used the (compromised!) Tornado Cash front end to launder $3.1 million in stolen funds; it later emerged that they had invested this amount in buying 437.6 billion PEPE coins 🐸🚀. But the biggest surprise? 🤯 North Korea itself got scammed! It turned out they had used a compromised version of the platform, which caused them to lose some of the funds in the process! 🔥🎭

Even the most sophisticated criminal minds cannot escape the madness of the crypto world! 🤡💥

#StablecoinSurge #TelegramFounderToLeaveFrance #KaitoXAccountHacked #pepe⚡ #NorthKoreaHackers $PEPE
**🚨 U.S. Targets Cambodian Company Aiding North Korea’s Crypto Crimes 💸**

The U.S. says Huione Group (Cambodia) helped North Korea’s hackers (Lazarus Group 👾) hide stolen crypto money. Quick facts:

- U.S. Move: Stop Huione from using U.S. banks 🏦 to block illegal crypto-to-cash schemes.
- $4 Billion Dirty Money :
→ 🐷 $36M from scams (people tricked into fake crypto deals).
→ 💻 $37M from North Korea’s stolen crypto.
- Secret Tool: Huione made USDH, a “stablecoin” tied to dollars that can’t be frozen 🚫, helping hide illegal cash.
- Cambodia Acted: Banned Huione’s crypto work in March 2024.

Why It’s Important: To stop bad actors like North Korea from using crypto for illegal funding 🌍.

Your thoughts? Should stablecoins be regulated harder? 👇
#crypto #NorthKoreaHackers
Bitcoin and Beyond
--
North Korea’s 5,000-Ton Choe Hyon-Class Destroyer Sinks During Inauguration

North Korea's highly anticipated naval advancement turned into a national embarrassment as the new Choe Hyon-class destroyer capsized during its launch ceremony in front of Kim Jong Un. Designed as a symbol of rising maritime strength, the 5,000-ton warship never made it to sea. Reports suggest a critical failure in the launch mechanism caused the vessel to tip and sink.
Kim has condemned the incident as a “criminal act” and is reportedly furious with former Russian Defense Minister Sergei Shoigu, blaming Russian naval technology for the catastrophic failure.

North Korean Hackers Use Fake U.S. Firms to Target Crypto Devs

North Korean hacking groups have once again demonstrated how dangerously sophisticated they can be. This time, they’ve set their sights on crypto developers — posing as legitimate U.S.-based companies with one goal: to infect victims’ systems with malware.

🎭 Two Fake Companies. One Malicious Scheme.
Cybersecurity firm Silent Push has revealed that North Korean hackers created two LLCs — Blocknovas LLC in New Mexico and Softglide LLC in New York — pretending to be recruiters in the crypto industry. These companies sent “job offers” that contained malicious code. The notorious Lazarus Group, linked to North Korea’s intelligence services, is believed to be behind the operation.
A third entity, Angeloper Agency, showed the same digital fingerprint, though it wasn’t officially registered.

🧠 Malware That Steals Crypto Wallets
Once unsuspecting developers opened the infected files, the malware began harvesting login credentials, wallet keys, and other sensitive data. According to Silent Push’s report, multiple victims have already been identified — most linked to the Blocknovas domain, which was by far the most active.
The FBI has seized the domain and issued a warning that similar aliases may reappear soon.

💸 Covert Funding for North Korea’s Missile Program
According to U.S. officials, the ultimate goal of the scheme is simple: generate hard currency to fund North Korea’s nuclear weapons program. Intelligence sources say Pyongyang has been deploying thousands of IT operatives abroad to illegally raise funds through fraudulent schemes.
This case is especially troubling because it shows that North Korean hackers managed to set up legal companies inside the United States, a rare and alarming development.

🔐 Three Malware Families, One Lazarus Signature
Analysts found that the job files contained at least three known malware families, capable of opening backdoors, downloading additional malicious payloads, and stealing sensitive information. These tactics align closely with past attacks by the Lazarus Group.

⚠️ FBI Warning: Be Cautious of "Too Good to Be True" Job Offers
Federal agents emphasize that this case is a chilling reminder of how North Korea continues to evolve its cyber threats. Tech and cybersecurity professionals should thoroughly vet unsolicited job offers, especially those from unfamiliar companies. Developers infected by these schemes could lose cryptocurrency or unknowingly grant hackers access to larger systems and exchanges.

#HackerAlert , #CyberSecurity , #NorthKoreaHackers , #CryptoSecurity , #CryptoNewss

🚨 $5.2M+ in Crypto Allegedly Stolen by North Korean Hackers! 🕵️‍♂️🪙

According to PANews and investigator ZachXBT, a major crypto theft has occurred—allegedly carried out by North Korean DPRK-linked hackers.

What we know so far:
🔐 Victim's multi-sig wallets, exchange accounts, and regular addresses were compromised
💸 Over $5.2 million siphoned off
🌪️ Hackers used Tornado Cash to launder 1,000 ETH and hide the trail
🧬 Suspected wallet addresses:
▪️ 0x9d42a049f88f1db4b304441081aff7c40d857bea
▪️ 0x4be5023ad49573a544a9a4109e4f1880a32fe5c3
▪️ 0x31088345396d0cf00a81a3e3b8e8c5bb8ec768a3

This attack highlights the ongoing threat of state-sponsored cybercrime in the crypto space.

Stay alert. Stay secure.
🔒 Double-check your wallet security and avoid centralized risks.

#CryptoSecurity #ZachXBT #NorthKoreaHackers #BlockchainNews #cryptohacks #TornadoCash #DeFiSecurity #PANews #Web3Alert #HackerNews #CryptoUpdate #CyberThreats
North Korea's Lazarus Group behind the $1.2 Billion Ethereum Heist. 🇰🇵

A massive $1.19 billion crypto theft has shaken the industry, with North Korea’s Lazarus Group accused of hacking an Ethereum wallet on Bybit. The February 23 attack caused Ethereum’s price to drop 4%, reigniting concerns over exchange security.

Blockchain forensics firm Arkham Intelligence linked the breach to Lazarus, known for funding Pyongyang through cybercrime. Bybit CEO Zhou confirmed 350,000 withdrawal requests but assured users that assets remained secure. Recovery efforts face challenges despite global law enforcement involvement.

The heist follows North Korea’s growing reliance on crypto theft, with Lazarus previously orchestrating billion-dollar breaches, including the $625M Ronin Network hack. Experts stress the need for multi-signature wallets, AI-driven security, and stronger regulatory collaboration to combat state-backed cyber threats.

#NorthKoreaHackers #northkorea #LazarusGroup #Lazarus #Ethereum $ETH
--
Bullish
The Lazarus Group (a hacker group backed by North Korea 🇰🇵) launched an attack on OKX's DEX aggregator! 🚨

The attack led OKX, a well-known cryptocurrency exchange platform, to temporarily suspend the service. The Lazarus Group is known as one of the most dangerous groups on the internet, launching attacks that target cryptocurrency platforms and steal users' funds to finance the North Korean regime.
#TonRally #Lazarus #NorthKoreaHackers #BTC #bitcoin
$BTC
HERE ARE THE LATEST CRYPTOCURRENCY NEWS UPDATES FOR March 11, 2025:

i. Singapore Exchange Plans Bitcoin Futures Listing

The Singapore Exchange (SGX) intends to introduce open-ended bitcoin futures contracts in the latter half of 2025. This initiative is targeted at institutional clients and professional investors, aiming to "significantly expand institutional market access." Retail investors will not have access to these instruments.

ii. European Concerns Over U.S. Cryptocurrency Policies

Eurozone finance ministers have expressed apprehension regarding the U.S. administration's pro-cryptocurrency stance, fearing it could undermine the eurozone's monetary sovereignty and financial stability. President Donald Trump's executive order to establish a strategic cryptocurrency reserve marks a significant policy shift, prompting European officials to expedite discussions on a digital euro to safeguard economic sovereignty. 

iii. North Korean Hackers and the $1.5 Billion Crypto Heist

The Lazarus Group, a North Korean hacking collective, has reportedly extracted $300 million from a recent $1.5 billion cryptocurrency heist—the largest in history. The stolen funds are allegedly intended to support North Korea's nuclear program, with hackers working tirelessly to convert the remaining cryptocurrency into cash.

iv. Cryptocurrency Market Trends

Cryptocurrency values are on the rise, with Bitcoin surpassing $90,000. Enthusiasts are keenly observing whether Bitcoin can exceed its previous record high of $109,135.
#NorthKoreaHackers #SingaporeCryptoTrend
#usacryptopolicy
#BTC
--
Bearish
⚠️ SECURITY ALERT!
North Korean IT workers are stepping up cyberattacks across Europe, targeting blockchain projects like those on Solana, according to a Google Cloud report.
Operatives pose as remote developers using fake identities, securing roles to access critical systems and steal sensitive data.
One operative was found juggling 12 fake personas across the U.S. and Europe, building fake references and even vouching for themselves through other controlled identities.
Their skills span blockchain, AI, and full-stack dev, including work on Solana apps, Anchor smart contracts, and CosmosSDK.
#NorthKoreaHackers

North Korea-Linked Hackers Exploit Radiant Capital for $50 Million Through Social Engineering

North Korean Hackers Orchestrate Sophisticated Attack
A recent postmortem report reveals that North Korea-backed hackers, identified as UNC4736 (also known as Citrine Sleet), exploited Radiant Capital in a $50 million attack. The operation involved advanced social engineering tactics, with the attackers impersonating a "trusted former contractor" and distributing malware via a zipped PDF file.
Phishing Through Fake Domains and Data Manipulation
The hackers created a fake domain mimicking a legitimate Radiant Capital contractor and reached out to the Radiant team through Telegram. They requested feedback on an alleged smart contract audit project. However, the shared file concealed INLETDRIFT malware, which created macOS backdoors, granting the hackers access to hardware wallets of at least three Radiant developers.
Manipulated Transactions and Compromised Security
During the attack on October 16, the malware tampered with the Safe{Wallet} interface (formerly Gnosis Safe), displaying legitimate transaction data to developers while executing malicious transactions in the background. Despite adhering to stringent security protocols like Tenderly simulations and Standard Operating Procedures (SOP), the attackers successfully compromised multiple developer devices.
UNC4736’s Links to North Korea
According to cybersecurity firm Mandiant, UNC4736 is connected to North Korea's General Reconnaissance Bureau. This group is notorious for targeting cryptocurrency companies and financial institutions globally.
North Korean Hackers Fund Nuclear Programs
The Federal Bureau of Investigation (FBI) has previously warned about North Korean hackers’ sophisticated tactics, including targeting cryptocurrency exchanges and prominent firms. Research indicates that these state-backed groups have stolen approximately $3 billion from the cryptocurrency sector since 2017. The stolen funds are reportedly used to finance North Korea's nuclear weapons program.
A Concerning Trend in Cybersecurity
This case highlights the increasing sophistication of cyberattacks, as hackers deploy social engineering and advanced tools to target cryptocurrency firms. Radiant Capital fell victim to a meticulously planned operation, underscoring the urgent need for enhanced security measures within the crypto industry.

#CryptoNewss , #NorthKoreaHackers , #hackers , #Cryptoscam , #CryptoSecurity

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
"The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses."
#CryptoSecurity101 🚨 CRYPTO SECURITY ALERT: June 2025
➤ $2.2B Stolen in 2024 (60% tied to North Korean hackers!)
➤ Physical Threats Rising: "Wrench attacks" hit U.S., France & beyond
➤ Fighting Back:
- 🤖 AI blockchain surveillance
- 🔐 Biometric air-gapped wallets
- 👥 Multi-sig + social recovery
- 🛡️ Crypto insurance coverage
➤ Quantum Future-Proofing:
NIST’s 2024 quantum-resistant standards underway!

⚠️ YOUR ACTION PLAN:
Layer tech + insurance + physical safety.
Is your portfolio shielded?
👇 Share your security strategy!

#CryptoSecurity #NorthKoreaHackers #QuantumCrypto
The notorious North Korean hacking group, Lazarus, has reportedly set its sights on another target in the decentralized finance (DeFi) space: the OKX DEX aggregator service. The major cryptocurrency exchange has taken swift action, temporarily suspending the service to implement security upgrades and address vulnerabilities.

#OKx #Lazarus #NorthKoreaHackers #Write2Earn

⚠️ Hacked by a Fake Job? North Korea’s New Malware Steals Your Crypto in Seconds! 💣💼

💣 New Malware Targets Blockchain Workers — Fake Jobs, Real Threats! 🧠🔐

North Korean hackers are at it again — this time with a sneaky new trick targeting professionals in the crypto industry! 🇰🇵💻 A hacking group known as “Famous Chollima” (aka “Wagemole”) has been using fake job offers to lure crypto experts into downloading a nasty piece of malware called PylangGhost. According to Cisco Talos, this malware is designed to remotely control your computer and steal passwords from crypto wallets and browser extensions like MetaMask, 1Password, and more. 😨🔑
These cybercriminals are impersonating major companies like Coinbase and Uniswap by setting up fake websites and posing as recruiters. Once victims are hooked, they’re guided through a bogus interview process and tricked into running malicious code on their system — all under the pretense of installing a “video driver.” Once the malware is in, it grabs login details, takes screenshots, steals data, and keeps the door open for further attacks. 📷📂🕵️
This isn’t the first time North Korean hackers have pulled this kind of stunt. Similar scams were seen in April, where fake recruitment tests were used to hack developers in the crypto space. As crypto adoption grows, so does the interest from cybercriminals. So, if you're job-hunting in the blockchain world, double-check those offers and never run unknown code — your crypto stash could depend on it! 🔒🛡️
#cryptohacks #NorthKoreaHackers $BTC
💥 North Korea’s Deadly Cyber Army: How Does It Build World-Class Hackers? 💻🔥
$BTC

$ETH

$XRP

🚨 $1.5 BILLION CRYPTO HACK! 🚨

On 21 Feb, a massive cyber attack hit the Bybit Exchange, in which $1.5 billion in crypto was looted! 🤯💰 The mastermind behind it is once again the same North Korean hacker group, Lazarus, which has previously hacked the Ronin cross-chain bridge and the wallet of the founder of Defiance Capital! 🔥🎭

😱 The biggest question – how does such a closed country, North Korea, produce the world's most dangerous hackers? 🤔💻

🔺 Cyber Warfare: Pyongyang's Secret Weapon! 🔺

North Korea cannot match the USA-South Korea alliance in traditional military strength, but on the digital battlefield it is waging a “secret war”! 💀💻

💣 Since the 1980s, the North Korean government has been investing heavily in hacker training!

🚀 Its internal code name: “Secret War” 🕵️‍♂️🔥

🎓 Mirim University (now the University of Automation) – this is where North Korea's elite cyber soldiers come from!

Jang Se-yul, who fled to South Korea in 2007, is a former student of this very university! There, special cyber warfare training was taken alongside the hackers of Bureau 121! ⚡🎯

📢 North Korea is not just a small country, it is a cyber superpower! Could your exchange be the next target? 😨💰

#CyberWar 🛡️ #NorthKoreaHackers 💻🔥 #LazarusGroup 🏴‍☠️ #CryptoUnderAttack 🚨