Hackers gained access to a developer’s computer by posing as a former contractor.
The attackers started laying the groundwork for the Oct. 16 attack in mid-September, when a Telegram message from what appeared to be a trusted former contractor was sent to a Radiant Capital developer.
The message said the contractor was pursuing a new career opportunity related to smart contract auditing and was seeking feedback. It included a link to a zipped PDF file, which the developer opened and shared with other colleagues. The message is now believed to have come from a “DPRK-aligned threat actor” who was impersonating the contractor, according to the report. The file contained a piece of malware called INLETDRIFT that established a persistent macOS backdoor while displaying a legitimate-looking PDF to the user.
Radiant Capital said that traditional checks and simulations showed no obvious discrepancies, making the threat virtually invisible during normal review stages.
The North Korean link was identified by cybersecurity firm Mandiant, although the investigation is still incomplete. Mandiant said it believes the attack was orchestrated by UNC4736, a group aligned to the country’s Reconnaissance General Bureau. It is also known as AppleJeus or Citrine Sleet.
The group has been implicated in several other attacks linked to cryptocurrency companies. It has previously used fake crypto exchange websites to trick people into downloading malicious software through links to job openings and fake wallets.
Callan Quinn is a Hong Kong-based news reporter at CoinDesk. She previously covered the crypto industry for The Block and DL News, writing about crypto fraud in Asia, regulation and web3 culture, as well as testing out new projects like China's CBDC.