CoinVoice has recently learned that, according to a Decrypt report based on research by Google Cloud and cybersecurity company Wiz, North Korean hacker groups are infiltrating cloud systems through fake IT job offers and are expected to have stolen $1.6 billion in cryptocurrency by 2025. The research shows that the hacker team codenamed UNC4899 (also known as TraderTraitor, Jade Sleet, or Slow Pisces) impersonates recruiters on social media to lure employees of target companies into running malicious programs, successfully infiltrating Google Cloud and AWS systems and hijacking cryptocurrency trading hosts. Wiz indicates that TraderTraitor represents a type of threat activity rather than a specific group, with North Korean-supported entities Lazarus Group, APT38, BlueNoroff, and Stardust Chollima being typical behind-the-scenes operators of TraderTraitor attacks.
This attack mode has been evolving since 2020: it initially used JavaScript to build malicious cryptocurrency applications, introduced open-source code exploits in 2023, and in 2024 focused on attacking exchange cloud infrastructure, including the intrusion that caused a loss of $305 million for Japan's DMM Bitcoin. Experts point out that North Korean hackers were the first to adopt AI technology to generate phishing emails and malicious scripts, and their attack team may consist of thousands of people.