According to PANews, North Korean hacker groups are reportedly using fake IT job offers to infiltrate cloud systems, with an estimated $1.6 billion in cryptocurrency stolen by 2025. Research conducted by Google Cloud and cybersecurity firm Wiz reveals that the hacker team codenamed UNC4899, also known as TraderTraitor, Jade Sleet, or Slow Pisces, is impersonating recruiters on social media to trick employees into running malicious programs. Using these tactics, the attackers have successfully breached Google Cloud and AWS systems and hijacked cryptocurrency trading platforms.
Wiz indicates that TraderTraitor represents a type of threat activity rather than a specific group, with North Korean-backed entities such as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima being typical perpetrators behind these attacks.
The attack strategy has evolved since 2020, when the hackers initially used JavaScript to build malicious encryption applications. By 2023, they began exploiting open-source code vulnerabilities, and in 2024 they focused on attacking the cloud infrastructure of exchanges, including an incident that resulted in a $305 million loss for Japan's DMM Bitcoin.
Experts highlight that North Korean hackers are among the first to use AI technology to generate phishing emails and malicious scripts, with their attack teams potentially comprising thousands of individuals.