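Japanese and U.S. authorities have attributed the May 2024 theft of $308 million in cryptocurrency from the cryptocurrency company DMM Bitcoin to North Korean cyber attackers.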
Japanese and U.S. authorities have formally linked the theft of cryptocurrency to the tune of $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors.
"The theft is connected to TraderTraitor threat activity, also known as Jade Sleet, UNC4899, and Slow Pisces," the agencies stated. "Multiple employees of the same company at once are frequently targeted by TraderTraitor activity with the use of social engineering."
The warning was issued by the Federal Bureau of Investigation, the Department of Defense Cyber Crime Center, and the National Police Agency of Japan. It's interesting to note that DMM Bitcoin stopped operating earlier this month.
TraderTraitor is a cluster of persistent threat activity connected to North Korea that has targeted Web3 businesses in the past, luring victims into downloading cryptocurrency apps that contain malware and ultimately enabling theft. It has been active since at least 2020.
The hacking team has carried out a number of attacks in recent years that make use of social engineering campaigns centered on employment or reaching out to potential targets under the guise of working together on a GitHub project, which then results in the deployment of malicious npm packages.
The group is perhaps best known, though, for its penetration and unauthorized access to JumpCloud's systems last year in order to target a select group of downstream customers.
The FBI documented an attack chain in which the threat actors contacted an employee at Ginco, a software company for cryptocurrency wallets based in Japan, in March 2024, posing as a recruiter and providing them with a URL to a malicious Python script hosted on GitHub as part of a supposed pre-employment test.
The victim, who had access to Ginco's wallet management system, copied the Python code to their personal GitHub page, which ultimately resulted in their compromise.
The adversary proceeded to the next stage of the attack in mid-May 2024, exploiting session cookie information to impersonate the compromised employee and successfully gaining access to Ginco's unencrypted communications system.
"In late-May 2024, the actors likely used this access to manipulate a legitimate transaction request by a DMM employee, resulting in the loss of 4,502.9 BTC, valued at $308 million at the time of the attack," the agencies said. "The stolen funds ultimately moved to TraderTraitor-controlled wallets."
The disclosure follows Chainalysis's assertion that North Korean threat actors were responsible for hacking DMM Bitcoin, with the attackers targeting infrastructure vulnerabilities to make unauthorized withdrawals.
"The attacker moved millions of dollars' worth of crypto from DMM Bitcoin to several intermediary addresses before eventually reaching a Bitcoin CoinJoin Mixing Service," the blockchain intelligence firm said.
"After successfully mixing the stolen funds using the Bitcoin CoinJoin Mixing Service, the attackers moved a portion of the funds through a number of bridging services, and finally to HuiOne Guarantee, an online marketplace tied to the Cambodian conglomerate, HuiOne Group, which was previously exposed as a significant player in facilitating cybercrimes."
The development also occurs as the AhnLab Security Intelligence Center (ASEC) has disclosed that Andariel, a North Korean threat actor operating within the Lazarus Group, is deploying the SmallTiger backdoor in attacks targeting South Korean asset management and document centralization solutions.