Radiant Capital attack update: North Korean hackers impersonate former contractors to deploy malware attacks

2024-12-09 10:47:42

ChainCatcher news: According to a report by Cointelegraph, Radiant Capital stated in an updated investigation report on December 6 that the cybersecurity company Mandiant has assessed with high confidence that the attack was carried out by threat actors affiliated with North Korea (DPRK).

The platform mentioned that a Radiant developer received a Telegram message on September 11, which contained a compressed file from a "trusted former contractor," requesting feedback on a new project they were planning. Upon review, this message was suspected to be from threat actors allied with North Korea impersonating the former contractor. "This ZIP file, when shared with other developers for feedback, ultimately delivered malware that facilitated the subsequent intrusion."

Radiant Capital believes that the threat actors responsible for the incident are the group referred to as "UNC4736", which is reportedly associated with North Korea's main intelligence agency, the Reconnaissance General Bureau (RGB), and is speculated to be a subgroup of the hacking organization Lazarus Group.

A previous report stated that the cross-chain lending protocol Radiant Capital suffered a cyber attack, resulting in losses exceeding $50 million.
