cyberattack

State-sponsored hackers from North Korea are pushing boundaries once again. By offering fake freelance IT jobs, they’ve infiltrated cloud infrastructures of crypto companies and stolen hundreds of millions in digital assets — all through malware, social engineering, and even artificial intelligence.

🎯 The Target: Employees' Trust
According to recent cybersecurity findings, the North Korean group UNC4899 (also known as TraderTraitor) approached unsuspecting employees via social media, posing as recruiters with enticing IT job offers. Once they gained the target's trust, they sent “test tasks” which, when executed, infected the victim’s device with malware.
This opened the door to cloud environments, allowing the hackers to steal login credentials, explore the infrastructure, and identify the servers responsible for processing crypto transactions.
The result? Several multi-million dollar thefts in just one attack — repeated across various companies.

🧠 AI as a Weapon of the Future
The report highlights how these hackers are extremely adaptive. They use artificial intelligence to generate highly realistic messages and conversations that build rapport with their victims. Their phishing scripts and malware-laced communications are now more convincing than ever.
The attackers often impersonate journalists, professors, or subject matter experts to boost credibility.

🛠 From JavaScript to Electron
This campaign began as early as 2020, when hackers used fake job offers to trick employees into downloading applications built with Node.js and the Electron framework — apps that turned out to be trojans.
By 2024, their methods evolved, focusing on malicious open-source code and intensive targeting of crypto exchanges.
📉 Some of the largest attacks include:
🔹 The DMM Bitcoin hack in Japan – $305 million stolen

🔹 The Bybit hack – $1.5 billion stolen late in 2024

☁️ Why Cloud Infrastructure?
Cloud platforms are the lifeblood of many young crypto firms — which also makes them incredibly vulnerable. Many of these companies are cloud-native and still maturing their security practices.
Experts say cloud-based attacks enable hackers to target broader systems, increasing their chance to profit on a larger scale.

💰 Tally So Far: $1.6 Billion in 2025
Reports estimate that North Korean hacking groups have stolen over $1.6 billion in crypto assets in 2025 alone. These operations are highly organized, with thousands of individuals spread across overlapping subgroups.
The country has become a global leader in crypto hacking, accounting for 35% of all stolen funds worldwide in 2024.

🚨 What’s Next?
North Korean hackers continue to evolve and adapt — leveraging AI, cloud weaknesses, and advanced social engineering tactics. And their operations show no signs of slowing down.
“There are no signs of these attacks slowing. If anything, the expansion will likely accelerate,” experts warn.

#CyberSecurity , #northkorea , #hackers , #cyberattack , #cybercrime

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Trezor, a hardware #wallet provider, recently acknowledged that a security breach involving their third-party email service resulted in a series of fraudulent emails being sent to their customers over the last 12 hours.
On January 24, #Trezor issued a statement revealing that they had identified an unauthorized email, which falsely claimed to be from the company, disseminated by a third-party email service they use.
The deceptive email, sent from "[email protected]," falsely instructed users to update their "network" or face the risk of losing their funds.
The email contained a link leading to a website that asked users to input their seed phrase.
Trezor has reported no instances of users losing funds due to this phishing scam, and there are no indications that any Trezor users have been duped by this fraudulent scheme.

Trezor Says it Has Deactivated the Malicious Link
Trezor has informed its customers that they have effectively neutralized the harmful link and assured them that their funds are secure as long as they haven't entered their recovery seed.
"We rapidly disabled the malicious link in the email, significantly reducing the threat's potential impact!"
However, Trezor has advised customers who did input their recovery seed to move their funds to a new wallet immediately.
According to Trezor's ongoing inquiry, an unauthorized party accessed their email address database, primarily used for newsletters, and then sent the fraudulent emails using a third-party email service.
Recently, on January 23, MailerLite, an email marketing software company, reported a security breach. This incident led to a spate of phishing emails exploiting the branded domains of various companies, including Cointelegraph, WalletConnect, and Token Terminal.
It remains uncertain whether Trezor uses the same email domain provider as those affected.
Digital asset attorney Joe Carlasare recounted his experience of receiving the phishing email in a post, labeling it as a “sophisticated scam.”
Exploring the Link Between Support Portal Breach and Recent Hack
There is speculation that the recent #cyberattack might be connected to a prior security breach involving Trezor's support portal, where the personal information of approximately 66,000 users was exposed on January 17.
Despite this breach, the company has stressed that no recovery seed phrases were compromised as a result of the incident. At that time, Trezor, the hardware wallet provider, took immediate action to limit unauthorized access and has been actively reaching out to affected users.
It's important to highlight that this is not the first instance where Trezor has encountered attempts to compromise user assets. Despite its reputable standing in the cryptocurrency hardware wallet industry, Trezor has faced various security challenges in recent years.
In February of the previous year, Trezor issued a warning to users about a phishing attack designed to deceive investors into disclosing their recovery phrase on a counterfeit Trezor website.
Additionally, in May, the cybersecurity firm Kaspersky reported the emergence of a counterfeit hardware wallet posing as a genuine Trezor product. This deceptive device used a substituted microcontroller to gain access to a user's private keys, enabling fraudsters to steal funds.

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The world is facing another major cyberattack—this time targeting the very core of governmental institutions. Hackers have exploited an unpatched vulnerability in Microsoft’s widely used SharePoint Server software, compromising dozens of organizations worldwide, from U.S. federal agencies to telecom networks across Asia.
Unlike Microsoft’s cloud-based services like Microsoft 365, the issue lies within local SharePoint servers—internal systems used for storing and sharing documents. These servers became the prime targets.

Zero-Day Flaw Left Thousands of Systems Unprotected
This is a "zero-day" vulnerability—an undisclosed flaw with no available patch. According to security experts, thousands of institutions were left exposed with no defenses in place.
Early investigations show that attackers infiltrated systems of over 50 organizations, including European government agencies, a major energy provider in the U.S., and a university in Brazil. In one Eastern U.S. state, hackers blocked access to a batch of public documents, making it impossible for the government to delete or retrieve them.

No Patch from Microsoft Yet — Organizations Forced to Improvise
Despite the severity of the breach, Microsoft has yet to release an official patch. Affected institutions have had to resort to temporary fixes—such as server reconfigurations or disconnecting them from the internet—to reduce risk.
While Microsoft confirmed the breach and issued a security advisory, the company has remained publicly silent. It recommended users quarantine vulnerable servers and take them offline if necessary.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with counterparts in Canada and Australia, has launched an investigation. The Center for Internet Security (CIS), which works with local U.S. governments, identified nearly 100 at-risk organizations, including public schools and universities.
The situation is further complicated by recent budget cuts, which led to the termination of 60% of the personnel handling threat response. According to CIS Vice President Randy Rose, it took six hours on Saturday night to process the first incident alert. "If we hadn’t lost so many team members, it would’ve been much faster," he added.

Microsoft Faces Growing Scrutiny
This isn’t the first time Microsoft has faced doubts about its ability to protect customers. The Department of Homeland Security noted that the attackers may have built on an earlier SharePoint vulnerability that Microsoft had only partially addressed.
Experts warn of long-term consequences. Once attackers gain access to SharePoint servers, they can move laterally into systems like Outlook, Microsoft Teams, and internal databases. Some reportedly stole cryptographic keys that could enable future access—even after a patch is applied.
One anonymous researcher involved in the federal investigation warned, “Even if Microsoft releases a fix on Monday or Tuesday, it won’t help those already breached in the past 72 hours.”

Past Criticism Comes Back into Focus
Last year, a government-appointed panel criticized Microsoft’s handling of a targeted Chinese cyberattack on U.S. federal email systems—including communications by then-Commerce Secretary Gina Raimondo. In that case, hackers abused Microsoft’s cloud platform to access sensitive government emails.
The situation escalated further after a ProPublica report revealed that Microsoft had hired engineers in China to work on cloud systems tied to the U.S. military. In response, Microsoft announced on Friday that it would no longer employ Chinese workers on Pentagon-related projects.

Long-Term Fallout Likely
Governments, cybersecurity agencies, and corporations worldwide are now questioning whether Microsoft can still be trusted as a critical tech provider when it repeatedly fails to address major vulnerabilities in time.
While attackers gain access to sensitive data, the world is waiting for Microsoft to deliver a real solution—and wondering what the consequences will be for those already affected.

#cyberattack , #CyberSecurity , #HackAlert , #Microsoft , #hacking

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The U.S. National Nuclear Security Administration (NNSA), which oversees the design and maintenance of America’s nuclear weapons arsenal, has become one of the victims of a cyberattack targeting Microsoft SharePoint. The incident also affected several other key government agencies – and all signs point once again to China-linked hackers.

Microsoft Targeted Again – Along with the U.S. Nuclear Authority
The vulnerability in Microsoft SharePoint was exploited on July 18, and according to a spokesperson from the Department of Energy, some systems were affected. Fortunately, due to widespread use of Microsoft 365 cloud services and robust cybersecurity measures, the damage was reportedly minimal, with only a few systems impacted – all of which are now being restored.
Representatives of the NNSA confirmed that no classified information was leaked during the incident. Still, the fact that someone managed to access infrastructure related to U.S. nuclear operations is highly concerning.

SharePoint – The Weak Link
The vulnerability only affected locally hosted SharePoint systems – not the cloud-based ones – which opened the door to this breach. The attack extended far beyond U.S. borders, hitting Middle Eastern and EU government systems as well. Other U.S. victims included the Department of Education, the Florida Department of Financial Services, and Rhode Island’s General Assembly.
Earlier reports revealed that hackers stole login credentials, tokens, and hash codes, potentially giving them access to sensitive internal systems.

China-Linked Groups Suspected
Microsoft has named several hacking groups believed to be backed by the Chinese government – specifically Violet Typhoon, Linen Typhoon, and Storm-2603. Cybersecurity firm Mandiant, owned by Google, stated that at least one attacker was very likely of Chinese origin.
U.S. cybersecurity agency CISA confirmed that the SharePoint vulnerability is being actively exploited. Microsoft has already released three updates to fix the issue.
The Chinese embassy in Washington responded by denying any involvement and warned against “groundless accusations.”

Microsoft Under Fire
Microsoft has become a repeated target of high-level cyberattacks in recent years. In 2021, a separate Chinese group called Hafnium breached systems via a vulnerability in Microsoft Exchange Server. After facing sharp criticism for its previous response, Microsoft CEO Satya Nadella declared that cybersecurity is now the company’s top priority.
Recently, Microsoft also announced it would no longer rely on Chinese engineers for developing cloud services tied to the U.S. Department of Defense – following concerns that such arrangements may have enabled access to sensitive systems.

The Flaw Was First Discovered – by Ethical Hackers
Interestingly, the SharePoint vulnerability was first discovered in May during a hacking contest in Berlin organized by cybersecurity firm Trend Micro. The event offered $100,000 rewards for discovering zero-day vulnerabilities, demonstrating just how valuable – and dangerous – these flaws can be.

Summary: Another Security Blow for the U.S.
Although no classified data was leaked, confidence in government infrastructure has taken another hit. The NNSA was among several high-profile victims, and China-sponsored cyber threats continue to rise.
The U.S. once again finds itself needing to strengthen its cyber defenses – not just against foreign adversaries, but also against its own systemic vulnerabilities.

#CyberSecurity , #Microsoft , #cyberattack , #hacking , #CryptoNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“