North Korean hackers use fake job opportunities to invade cloud systems, stealing $1.6 billion in cryptocurrency



According to Decrypt, research from Google Cloud and cybersecurity company Wiz shows that a North Korean hacking group codenamed UNC4899 has successfully invaded Google Cloud and AWS systems by posing as recruiters on social media to lure employees of target companies into running malicious programs, stealing cryptocurrency trading hosts. These attacks, known as TraderTraitor, Jade Sleet, or Slow Pisces, are understood to be executed by specific entities supported by North Korea, including Lazarus Group, APT38, BlueNoroff, and Stardust Chollima. Since 2020, this attack pattern has continued to evolve, from early malicious cryptocurrency applications built with JavaScript to the introduction of open-source code exploits in 2023. It is expected that attacks will focus on exchange cloud infrastructure in 2024, with one incident leading to a loss of $305 million for Japan's DMM Bitcoin. Experts point out that North Korean hackers are among the first to adopt AI technology to generate phishing emails and malicious scripts, and that their attack teams may number in the thousands.