North Korean hacker groups are using offers of freelance IT work as a lure to infiltrate companies' cloud systems and steal millions of USD in cryptocurrency. According to reports from Google Cloud and security firm Wiz, this is a sophisticated and expanding campaign.

Details and methods of the attack

Google Cloud has tracked a North Korean unit named UNC4899, which successfully attacked two companies after reaching out to employees via social media. By asking employees to perform tasks that installed malware, the hacker group established a connection with the company's cloud system, stole login information, and ultimately withdrew cryptocurrency. In both incidents, the damage amounted to millions of USD.

According to experts from Google, North Korean hackers are becoming increasingly sophisticated, often impersonating employers, journalists, or specialists to gain trust. They also quickly adopt AI technology to create persuasive lure emails and write malware.

Major attacks and targeted goals

Wiz's report indicates that this fraud campaign, also known as TraderTraitor, began in 2020 and has been behind several major attacks, including the Axie Infinity Ronin Network hack worth 620 million USD and the Bybit hack worth 1.5 billion USD. Hackers are focusing on cloud systems because these are where data and money are stored, especially at new crypto companies.

The main goal of these attacks is to generate illicit funding for North Korea's weapons program. With an estimated 1.6 billion USD in cryptocurrency stolen this year, experts warn that these activities show no signs of slowing down.