DeFi Daily News
Monday, August 4, 2025

North Korean Hackers Are Using Fake Job Offers to Breach Cloud Systems, Steal Billions in Crypto – Decrypt

by Simon Chandler
August 4, 2025
in Web 3

In brief

  • North Korean hackers have used fake IT job offers to breach cloud systems and steal millions in crypto, Google and Wiz found.
  • The TraderTraitor campaign has evolved since 2020 to target crypto firms with malware and AI-generated lures.
  • The groups have stolen $1.6 billion in crypto this year and continue to scale their operations.

North Korean hacking groups are using the lure of freelance IT work to gain access to cloud systems and steal cryptocurrencies worth millions of dollars, according to separate research from Google Cloud and security firm Wiz.

Google Cloud’s H2 2025 Cloud Threat Horizons Report reveals that Google Threat Intelligence Group is “actively tracking” UNC4899, a North Korean hacking unit that successfully hacked two companies after contacting employees via social media.

In both cases, UNC4899 gave the employees tasks that resulted in the employees running malware on their workstations, enabling the hacking group to establish connections between its command-and-control centers and the target companies’ cloud-based systems.



As a result, UNC4899 was able to explore the victims’ cloud environments, obtaining credential materials and ultimately identifying hosts responsible for processing crypto transactions.

While each separate incident targeted different (unnamed) companies and different cloud services (Google Cloud and AWS), both resulted in the theft of “several millions worth of crypto.”

The use of job lures by North Korean hackers is now “quite common and widespread,” reflecting a considerable degree of sophistication, Jamie Collier, the Lead Threat Intelligence Advisor for Europe at Google Threat Intelligence Group, told Decrypt.

“They frequently pose as job recruiters, journalists, subject matter experts, or college professors when contacting targets,” he said, adding that they often communicate back and forth several times in order to build a rapport with targets.

Quick to act

Collier explains that North Korean threat actors were among the first to quickly adopt new technologies such as AI, which they use to produce “more convincing rapport-building emails” and to write their malicious scripts.

Also reporting on UNC4899’s exploits is cloud security firm Wiz, which notes that the group is also referred to by the names TraderTraitor, Jade Sleet, and Slow Pisces.

TraderTraitor represents a certain kind of threat activity rather than a specific group, with the North Korea-backed entities Lazarus Group, APT38, BlueNoroff, and Stardust Chollima all behind typical TraderTraitor exploits, Wiz said.

In its analysis of UNC4899/TraderTraitor, Wiz notes that campaigns began back in 2020 and that from the beginning, the responsible hacking groups used job lures to coax employees into downloading malicious crypto apps that were built on JavaScript and Node.js using the Electron framework.

The group’s campaign from 2020 to 2022 “successfully breached multiple organizations,” according to Wiz, including Lazarus Group’s $620 million breach of Axie Infinity’s Ronin Network.

TraderTraitor threat activity then evolved in 2023 to incorporate the use of malicious open-source code, while in 2024, it doubled down on fake job offers, primarily targeting exchanges.

Most notably, TraderTraitor groups were responsible for the $305 million hack of Japan’s DMM Bitcoin, and also the $1.5 billion Bybit hack in late 2024, which the exchange revealed in February of this year.

Targeting the cloud

As with the exploits highlighted by Google, these hacks targeted cloud systems to varying degrees, and according to Wiz, such systems represent a significant vulnerability for crypto.

“We believe that TraderTraitor has focused on cloud-related exploits and techniques because that is where the data, and thus money, is,” Benjamin Read, Wiz’s Director of Strategic Threat Intelligence, told Decrypt. “This is especially true for the crypto industry, where the companies are newer and likely to have built their infrastructure in a cloud-first manner.”

Read explained that targeting cloud technologies enables hacking groups to impact a wide range of targets, increasing the potential to make more money.

These groups are doing big business, with “estimates of $1.6 billion in cryptocurrency stolen so far in 2025,” he said, adding that TraderTraitor and related groups have workforces “likely in the thousands of people,” who work in numerous and sometimes overlapping groups. 

“While coming up with a specific number is difficult, it is clear that the North Korean regime is investing significant resources in these capabilities.”

Ultimately, such investment has enabled North Korea to become a leader in crypto hacking, with a February TRM Labs report concluding that the country accounted for 35% of all stolen funds last year.

Experts said all available signs suggest the country is likely to remain a fixture in crypto-related hacking for some time to come, especially given the ability of its operatives to develop new techniques.

“North Korean threat actors are a dynamic and agile force that continuously adapts to meet the regime’s strategic and financial objectives,” Google’s Collier said.

Reiterating that North Korean hackers are increasingly making use of AI, Collier explained that such use enables “force multiplication,” which in turn has enabled the hackers to scale up their exploits. 

“We see no evidence of them slowing down and anticipate this expansion to continue,” he said.
