律动BlockBeats
律动BlockBeats|Mar 09, 2026 03:09
[Security Agency: Suspected North Korean Hacker Group Coordinated Attacks on Cryptocurrency Companies to Steal Keys and Cloud Assets] BlockBeats News, March 9 — Security research institution Ctrl-Alt-Intel disclosed that a group of suspected North Korean-affiliated hackers launched attacks targeting staking platforms, exchange software providers, and cryptocurrency exchanges. The attackers exploited the React2Shell vulnerability (CVE-2025-55182) and compromised AWS access credentials to infiltrate cloud environments, enumerating resources such as S3, EC2, RDS, EKS, and ECR, and extracting keys and credentials from Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers. Researchers stated that the attackers downloaded five Docker images and stole source code, including software components related to ChainUp clients. The attack infrastructure involved a South Korean server at 64.176.226[.]36 and the domain itemnania[.]com. The report indicated that the activity aligns with characteristics of North Korean-related attacks, though attribution confidence is moderate, and the source of the AWS credentials remains unclear.
+4
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads