PANews reported on August 5 that, according to Decrypt, research by Google Cloud and cybersecurity company Wiz shows North Korean hacker groups infiltrating cloud systems through fake IT job offers, with an estimated $1.6 billion in cryptocurrency stolen by 2025. According to the research, the hacker team codenamed UNC4899 (also known as TraderTraitor, Jade Sleet, or Slow Pisces) poses as recruiters on social media and tricks employees of target companies into running malicious programs. Through this approach it has successfully infiltrated Google Cloud and AWS systems and hijacked cryptocurrency trading hosts. Wiz states that TraderTraitor represents a type of threat activity rather than a specific group, with North Korea-backed entities such as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima typically behind TraderTraitor attacks.
This attack pattern has been evolving since 2020: it initially used JavaScript to build malicious crypto applications, introduced exploits for open-source code vulnerabilities in 2023, and focused on attacking exchange cloud infrastructure in 2024, including the intrusion that caused $305 million in losses for Japan's DMM Bitcoin. Experts note that North Korean hackers are pioneering the use of AI technology to generate phishing emails and malicious scripts, and that their attack teams may number in the thousands.





