Research: North Korean hackers exploit fake job opportunities to infiltrate cloud systems, having stolen 1.6 billion dollars in Crypto Assets this year.

PANews August 5th news, according to Decrypt, based on research by Google Cloud and cybersecurity company Wiz, North Korean hacker groups are infiltrating cloud systems through fake IT job offers, with an estimated theft of $1.6 billion in Crypto Assets by 2025. The research shows that the hacker team codenamed UNC4899 (also known as TraderTraitor, Jade Sleet, or Slow Pisces) impersonates recruiters on social media to lure employees of targeted companies into running malicious programs, successfully invading Google Cloud and AWS systems and hijacking Crypto Assets trading hosts. Wiz stated that TraderTraitor represents a type of threat activity rather than a specific group, with North Korea-supported entities Lazarus Group, APT38, BlueNoroff, and Stardust Chollima being typical behind-the-scenes operatives of TraderTraitor attacks. This attack pattern has been evolving since 2020: initially using JavaScript to build malicious encryption applications, in 2023 it introduced exploits of open-source code vulnerabilities, and in 2024 it focused on attacking exchange cloud infrastructure, including an intrusion incident that caused a loss of $305 million for Japan's DMM Bitcoin. Experts point out that North Korean hackers were the first to adopt AI technology to generate phishing emails and malicious scripts, with their attack team potentially numbering in the thousands.