Research reveals that North Korean hacker groups, including TraderTraitor, have infiltrated major cloud systems through fake IT job offers, potentially stealing $1.6B in cryptocurrency by 2025 as tactics evolve.
Research by Google Cloud and Wiz, as reported on August 5th by PANews and cited by Decrypt, reveals that North Korean-backed hacker groups, including TraderTraitor (UNC4899), use fake IT job offers on social media to compromise cloud systems at Google Cloud and AWS and hijack cryptocurrency trading servers, potentially stealing up to $1.6B by 2025. Their tactics have evolved from JavaScript-based malware in 2020 to open-source exploits and AI-generated phishing emails. A notable incident at Japan's DMM Bitcoin caused a $305M loss.