CyberSecurityBoard
Sponsor Register Login

DPRK's Largest Cryptocurrency Heist via a Compromised macOS Developer and AWS Pivots - Researchers Emulated

North Korean state-sponsored hackers have executed what security experts are calling the largest cryptocurrency theft operation to date, successfully stealing an estimated $625 million through an elaborate attack chain that compromised a high-profile macOS developer’s environment and leveraged Amazon Web Services (AWS) infrastructures as pivots. Security researchers successfully emulated the complete attack chain in controlled environments, providing crucial insights into detection opportunities and potential mitigation strategies for similar attacks in the future. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. The sophisticated campaign, which targeted multiple cryptocurrency exchanges simultaneously, demonstrated an unprecedented level of technical coordination and operational security. The AWS pivot techniques were particularly noteworthy, as they leveraged legitimate credentials to create temporary instances that served as relay points for exfiltrating cryptocurrency wallet data. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 07 May 2025 17:29:59 +0000


Cyber News related to DPRK's Largest Cryptocurrency Heist via a Compromised macOS Developer and AWS Pivots - Researchers Emulated

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
DPRK's Largest Cryptocurrency Heist via a Compromised macOS Developer and AWS Pivots - Researchers Emulated - North Korean state-sponsored hackers have executed what security experts are calling the largest cryptocurrency theft operation to date, successfully stealing an estimated $625 million through an elaborate attack chain that compromised a high-profile ...
2 weeks ago Cybersecuritynews.com
GCP to AWS migration: A Comprehensive Guide - Embarking on a GCP to AWS migration journey can be both exciting and challenging. Before we dive into the technical details, let's explore why businesses might consider migrating from GCP to AWS. While GCP offers a range of services, AWS boasts an ...
1 year ago Feeds.dzone.com
CrowdStrike Demonstrates Cloud Security Leadership at AWS re:Invent - CrowdStrike is honored to be named Partner of the Year for several 2023 Geo and Global AWS Partner Awards at Amazon Web Services re:Invent 2023, where we are participating this year as a Diamond Sponsor. These accomplishments demonstrate our ...
1 year ago Crowdstrike.com
How Businesses Can Manage Cryptocurrency Fraud - With cryptocurrency payments on the rise, businesses must learn how to safeguard against potential risks. Businesses across the US are seeking innovative payment methods, with an estimated 75% of retailers looking to embrace cryptocurrency payment ...
1 year ago Cyberdefensemagazine.com
Shaping the Future of Finance: The Cisco and AWS Collaboration in EMEA - The collaboration between Cisco and Amazon Web Services in the Europe, Middle East, and Africa region-combining each company's market leading strengths-continues to deliver impressive outcomes for our customers, notably within the Financial Services ...
1 year ago Feedpress.me
Customer compliance and security during the post-quantum cryptographic migration | AWS Security Blog - For example, using the s2n-tls client built with AWS-LC (which supports the quantum-resistant KEMs), you could try connecting to a Secrets Manager endpoint by using a post-quantum TLS policy (for example, PQ-TLS-1-2-2023-12-15) and observe the PQ ...
7 months ago Aws.amazon.com
AWS CloudQuarry: Digging for Secrets in Public AMIs - Money, secrets and mass exploitation: This research unveils a quarry of sensitive data stored in public AMIs. As a best practice, AMI creators should not include credentials, including AWS account credentials, in published AMIs. We wanted to scan all ...
1 year ago Packetstormsecurity.com
New Research Delves Into the World of Malicious Cryptocurrency Mining - As cryptocurrency prices have soared in recent years, malicious cryptocurrency miners have increasingly targeted vulnerable computer systems with malicious crypto-mining software in search of profits. In a new research paper, security researchers at ...
2 years ago Thehackernews.com
CVE-2024-37293 - The AWS Deployment Framework (ADF) is a framework to manage and deploy resources across multiple AWS accounts and regions within an AWS Organization. ADF allows for staged, parallel, multi-account, cross-region deployments of applications or ...
11 months ago Tenable.com
A Single Cloud Compromise Can Feed an Army of AI Sex Bots – Krebs on Security - “Once initial access was obtained, they exfiltrated cloud credentials and gained access to the cloud environment, where they attempted to access local LLM models hosted by cloud providers: in this instance, a local Claude (v2/v3) LLM model from ...
7 months ago Krebsonsecurity.com
Rundown of Security News from AWS re:Invent 2023 - Amazon Web Services has been unveiling a steady stream of announcements during its AWS re:Invent 2023 event in Las Vegas this week. The focus over the four days, as expected, is on AI as AWS strives to show that its offerings can match - or surpass - ...
1 year ago Darkreading.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
1 year ago Darkreading.com
North Korean Hackers Stole $600 Million in Cryptocurrency - The Democratic People's Republic of Korea has reportedly stolen nearly $600 million in cryptocurrency in 2023. There have also been reports stating that the last final days of the year also had evidence of cyberattacks, which, if confirmed, could ...
1 year ago Cybersecuritynews.com
US removes sanctions against Tornado Cash crypto mixer - The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder hundreds of millions stolen in multiple crypto heists. In August 2023, the ...
2 months ago Bleepingcomputer.com
7 Rules to Improve AWS Security and Reduce Unwanted Incidents - Security of your AWS infrastructure is ultimately up to you. As the largest cloud services provider, AWS invests heavily to ensure its cloud environment is secure. Much of AWS security is still left to the customer, especially with regard to managing ...
2 years ago Beyondtrust.com
whoAMI attacks give hackers code execution on Amazon EC2 instances - The attacker only needs an AWS account to publish their backdoored AMI to the public Community AMI catalog and strategically choose a name that mimics the AMIs of their targets. The issue was fixed last year on September 19, and on December 1st AWS ...
3 months ago Bleepingcomputer.com
What happens when you accidentally leak your AWS API keys? - My situation had no ill consequences, but it could have if I had used my actual email for the script or if my project was bigger and I had used AWS or another cloud provider and hardcoded those credentials. In a later class I did learn how to safely ...
1 year ago Isc.sans.edu
SentinelLabs Details Discovery of FBot Tool for Compromising Cloud Services - SentinelLabs today published a report identifying a Python-based tool that cybercriminals are using to compromise cloud computing and software-as-a-service platforms. Alex Delamotte, senior threat researcher at SentinelLabs, said FBot is used to take ...
1 year ago Securityboulevard.com
Bybit Hack - Sophisticated Multi-Stage Attack Details Revealed - The malicious code contained an activation condition targeting specific contract addresses, along with transaction validation tampering designed to bypass security checks. Sygnia researchers identified that the earliest malicious activity began on ...
2 months ago Cybersecuritynews.com Lazarus Group
North Korean Hackers Amass $3bn in Cryptocurrency Heists - North Korean hackers have reportedly stolen a total of $3bn in cryptocurrency since 2017, as revealed in a recent report by Recorded Future's Insikt Group. The revelation underscores the prolonged engagement of the regime in the cryptocurrency ...
1 year ago Infosecurity-magazine.com
FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist - Since the incident, crypto fraud investigator ZachXBT discovered multiple links to the infamous North Korean threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address used in the Phemex, BingX, and Poloniex hacks ...
2 months ago Bleepingcomputer.com APT3 APT38 Lazarus Group
A Handbook for Managing Containers on Amazon Web Services - Container management is a way to help you create, govern, and maintain your containers. There are tools and services available that can automate the creation, deployment, maintenance, scaling, and monitoring of application or system containers. In ...
2 years ago Trendmicro.com
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
Chainalysis observes decrease in cryptocurrency crime in 2023 - While the ransomware market is rising and cybercriminals continue to rack up bitcoin payments, illicit cryptocurrency activity is declining, according to new research from Chainalysis. Funds sent to illicit cryptocurrency addresses dropped from $39.6 ...
1 year ago Techtarget.com Rocke

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)