Japanese and U.S. authorities have formally linked the theft of cryptocurrency to the tune of $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
"The theft is connected to TraderTraitor threat activity, also known as Jade Sleet, UNC4899, and Slow Pisces," the agencies stated. "Multiple employees of the same company at once are frequently targeted by TraderTraitor activity with the use of social engineering."
The alert was issued by the Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan. Notably, DMM Bitcoin ceased operations earlier this month.
TraderTraitor is a cluster of persistent threat activity connected to North Korea that has targeted Web3 businesses in the past, luring victims into downloading cryptocurrency apps that contain malware and ultimately enabling theft. It has been active since at least 2020.
In recent years, the hacking team has carried out a number of attacks built on job-themed social engineering campaigns, or on approaching potential targets under the guise of collaborating on a GitHub project, which then results in the deployment of malicious npm packages.
The group is perhaps best known, though, for infiltrating and gaining unauthorized access to JumpCloud's systems last year in order to target a select group of downstream customers.
The FBI documented an attack chain in which the threat actors contacted an employee at Ginco, a software company for cryptocurrency wallets based in Japan, in March 2024, posing as a recruiter and providing them with a URL to a malicious Python script hosted on GitHub as part of a supposed pre-employment test.
The victim, who had access to Ginco's wallet management system, copied the Python code to their personal GitHub page, which ultimately resulted in their compromise.
The adversary proceeded to the next stage of the attack in mid-May 2024, exploiting session cookie information to impersonate the compromised employee and successfully gaining access to Ginco's unencrypted communications system.
"In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, valued at $308 million at the time of the attack," the agencies said. "The stolen funds ultimately moved to TraderTraitor-controlled wallets."
The disclosure follows Chainalysis's assertion that North Korean threat actors were responsible for hacking DMM Bitcoin, with the attackers targeting infrastructure vulnerabilities to make unauthorized withdrawals.
"The attacker moved millions of dollars' worth of crypto from DMM Bitcoin to several intermediary addresses before eventually reaching a Bitcoin CoinJoin Mixing Service," the blockchain intelligence firm said.
"After successfully mixing the stolen funds using the Bitcoin CoinJoin Mixing Service, the attackers moved a portion of the funds through a number of bridging services, and finally to HuiOne Guarantee, an online marketplace tied to the Cambodian conglomerate, HuiOne Group, which was previously exposed as a significant player in facilitating cybercrimes."
The development comes as the AhnLab Security Intelligence Center (ASEC) has disclosed that Andariel, a North Korean threat actor operating within the Lazarus Group, is deploying the SmallTiger backdoor in attacks targeting South Korean asset management and document centralization solutions.