In a joint statement, the governments of the United States, Japan, and South Korea have highlighted the growing risk posed by North Korean cyberattacks on the global blockchain and cryptocurrency sectors. The warning particularly focuses on the potential threats associated with hiring IT workers from North Korea.
The Threat of North Korean Hackers to the Blockchain Industry
The three nations emphasized in their January 14 statement that North Korean hacking groups, such as the infamous Lazarus Group, are increasingly targeting crypto exchanges and investors. These groups employ sophisticated tactics, including social engineering, and spread malware like TraderTraitor and AppleJeus.
A Call for Caution in IT Recruitment
Government authorities urged companies operating in the web3 and blockchain sectors to thoroughly vet new hires to avoid employing IT professionals from North Korea. Research indicates that such workers often pose as remote employees or investors. The report also mentioned initiatives to foster collaboration between the private and public sectors, such as Crypto-ISAC in the United States, as well as similar efforts in Japan and South Korea.
North Korean Cyberattacks in 2024
In 2024, North Korean cyber groups were linked to several high-profile attacks:
A hack on Japan’s DMM Bitcoin exchange resulted in losses of $308 million.An attack on South Korea’s Upbit platform led to the theft of $50 million.
These incidents underscore the severity of the threat that North Korean activities pose to the global financial system.
Fraudulent Practices by North Korean Hackers
At the Cyberwarcon conference in November 2024, researchers revealed that North Korean hackers often disguise themselves as:
Remote IT workers employed by major tech companies,Recruiters or venture capital investors.
Two specific hacking groups, Sapphire Sleet and Ruby Sleet, allegedly stole $10 million in just six months using these methods.
Collaboration Is Key to Protection
The governments of the USA, Japan, and South Korea have called on companies and individuals to remain vigilant and work together to create effective defense mechanisms. Thorough employee screening and adherence to security recommendations could help mitigate the risks of cyberattacks and safeguard the global financial ecosystem.

#CyberSecurity , #CryptoNewss , #cryptohacks , #cyberattacks , #HackerNews

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

Investors Face Risks from Fee-Related Scams
Cypriot authorities are urging the public to exercise caution after a 50-year-old man from Limassol lost $58,000 to a fraudulent cryptocurrency trading platform. This incident highlights the growing prevalence of manipulative tactics used in crypto market scams.
How the Scam Unfolded
Fake Platform with a Professional Appearance
The victim encountered a website in December that appeared to be a legitimate trading platform. It featured detailed charts, interactive dashboards, and tools for tracking profits. Lured by the professional design and promises of high returns, the man invested a total of $58,000 across multiple transactions.
Manipulated Data and Illusions of Profit
The scammers used a manipulated dashboard to display fake rising profits. This common tactic creates the illusion of successful investments, encouraging victims to continue depositing funds.
Demands for "Additional Fees"
When the man attempted to withdraw his supposed earnings, the scammers refused to release the funds, instead demanding additional fees to "unlock" the profits. This tactic, known as an advance fee scam, involves pressuring victims to pay more money under false pretenses, only to leave their funds inaccessible.
Recommendations from Authorities and Additional Warnings
Caution in Investing
The Cypriot Financial Crime Investigation Bureau advises against sharing sensitive financial and personal information and recommends investing only through licensed and reputable institutions. They also emphasize the importance of verifying the credibility of any advisor or platform.
Other Crypto Scam Incidents
Similar warnings have been issued by U.S. financial authorities. For instance, in June 2024, another investor lost $310,000 through a fake platform called Ethfinance. Scammers employed similar tactics, leveraging manipulated data to deceive victims.
More Sophisticated Scams
In July, another scam was uncovered where fraudsters offered fake loans. Victims were convinced their trading account profits would cover the loan repayments. However, the victims ended up repaying the loans from their own pockets while their supposed earnings remained locked on the platform.
Summary
This case from Cyprus underscores the risks of investing in cryptocurrencies through unverified platforms. Police and financial authorities warn against scammers who manipulate data and exploit investor trust. Exercising caution and thoroughly verifying investment opportunities are crucial for avoiding financial losses.

#CyberSecurity , #HackerAlert , #cyberattacks , #CryptoScamAlert , #CryptoNewss

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!
Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

The Health Sector #cybersecurity Coordination Center (HC3) in the United States has announced that at least one healthcare institution in the U.S. has been hit by the Trinity ransomware, a new threat targeting critical infrastructure.
The Threat of Trinity Ransomware and How It Works
A U.S. government agency issued a warning regarding the Trinity ransomware, which targets victims and extorts them for #CryptocurrencyPayments in exchange for not leaking sensitive data. This ransomware uses various attack methods, including phishing emails, malicious websites, and exploiting software vulnerabilities.
Once it infiltrates a system, the ransomware scans the victim's computer, collects sensitive information, and encrypts files using advanced encryption algorithms, rendering them unreadable. #hackers then leave a message in the computer informing the victim that their data has been encrypted and demanding a ransom in exchange for a decryption key.
Hackers’ Demands: 24-Hour Deadline for Payment
In the ransom note, victims are warned that they have only 24 hours to pay the ransom in cryptocurrency, or their data will be leaked or sold. HC3 noted that there are currently no available decryption tools for Trinity ransomware, leaving victims with few options for recovery.
"Victims have 24 hours to contact the cybercriminals, and if they fail to do so, the stolen data will be leaked or sold," HC3 reported. The ransomware primarily targets critical infrastructure, including healthcare providers.
Attacks on Healthcare Institutions
The Trinity ransomware has already affected seven organizations, with healthcare facilities being one of its primary targets. HC3 reported that at least one healthcare entity in the U.S. was recently impacted by this ransomware, raising concerns about cybersecurity in the healthcare sector.
Crypto Ransom Payments Reached $1 Billion in 2023
According to the Chainalysis 2024 #cryptocrime Report, ransomware attackers received approximately $1.1 billion in cryptocurrency payments in 2023. These ransoms were paid by high-profile institutions and critical infrastructure, with attacks ranging from small criminal groups to large syndicates.
The report also revealed that 538 new ransomware variants were created in 2023, with major corporations like BBC and British Airways being among the primary targets of these attacks.
#cyberattacks

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

Researchers from HP have discovered malware created using generative #artificialintelligence during the analysis of a suspicious email.

Generative AI Accelerates Malware Creation
The development of malware has become easier and faster thanks to generative AI. Malware developers can now use AI to speed up the process of writing code, leading to an increase in the number of #Attacks and allowing even less experienced individuals to develop harmful software.
A September report from HP’s Wolf Security team uncovered a new version of the AsyncRAT trojan, which is used to remotely control a victim’s computer. Researchers found this version while analyzing a suspicious email sent to one of their clients.
Malware Written with Artificial Intelligence
While the original AsyncRAT was developed by humans, this new version contained an injection technique that researchers believe was created using generative AI. Although AI has previously been used to create phishing lures, the report notes that there was little evidence of AI being used to write malicious code "in the wild" before this discovery.
One of the key indicators was that the code contained detailed comments explaining the function of each part. This is unusual for #Cybercriminals , who generally do not want others to understand how their malware works.

In-Depth Analysis of the Malware
Researchers initially encountered the suspicious email, which was sent to users of HP’s Sure Click threat containment software. The email appeared to be an invoice written in French, likely targeting French-speaking individuals. Initially, the contents of the file were difficult to determine because it was encrypted. However, after breaking the password, the hidden malware was revealed.
The #Malware consisted of a Visual Basic script that wrote data to the user’s registry, installed a JavaScript file, and launched Powershell. This led to the installation of AsyncRAT malware on the device.

AsyncRAT Development and Its Risks
AsyncRAT, originally released on GitHub in 2019, is a remote management tool. Although its developers claim it is a legitimate open-source software, it has been predominantly used by cybercriminals. It allows attackers to remotely control infected devices and can be used to steal sensitive data, such as private keys or phrases for cryptocurrency wallets, leading to potential financial losses.
Although AsyncRAT is not new, this variant uses a new injection method, which shows signs of having been created using generative AI. This indicates that the new technology is making it easier for attackers to carry out cyberattacks.
AI Increases the Threat of Cyberattacks
HP’s report highlights that generative artificial intelligence is accelerating #cyberattacks and lowering the barrier for cybercriminals to infect devices. Security researchers are still grappling with the effects of AI advancements on cybersecurity.
The risks associated with AI include its potential misuse to identify vulnerabilities in smart contracts, which could be exploited by both ethical and malicious hackers. In May 2023, Meta also warned that some malware creators are using fake versions of popular AI tools to lure victims.
Generative artificial intelligence is fundamentally changing the rules of cybersecurity and presents a new challenge in the fight against malware.

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

 

The Layer 2 "Base" network on the Coinbase platform has been the target of a large-scale price manipulation attack. This attack focused on an unverified loan contract, leading to a loss of approximately $1 million.
CertiK Warned of the Attack
Early this morning, CertiK Alert monitoring system informed users on the X platform about the ongoing attack. According to the report, the attack targeted the Base chain and affected an unverified loan contract starting with the address 0x5c52.

According to CertiK’s post on X: "The exploiter manipulated the price of WETH and Sui and gained approximately $1 million in tokens through excessive borrowing." CertiK also noted that the oracle used to verify this loan contract, which was deployed only six days ago, has a liquidity of only around $400,000.

Repeated Contract Manipulation Incident
This attack marks the second similar incident in the last two days. On October 24, suspicious transactions were detected on the Polygon network, affecting an unverified NAS contract with the address 0x5d6084Bf..F36Ac7. In that case, the attacker obtained a large amount of NAS tokens, which were later exchanged for USDT.
Base Has Yet to Comment
The Base platform has not yet commented on the incident. However, on October 30, Base announced the launch of Fault Proofs, which aims to provide a more secure environment by removing trusted third parties. The new update will also allow users to monitor and challenge invalid withdrawals.

#hackers , #cyberattacks , #CoinbaseExchange. , #cybersecurity , #CryptoHack
Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

#wazirX #CryptoNewss #CryptoDawar #cyberattacks #CyberSafety

BENGALURU: Crypto exchange WazirX, in a virtual conference on Monday stressed that tracking and recovering stolen crypto assets is a top priority for the exchange.
WazirX, which is pursuing a restructuring of crypto balances which will take at least six months, filed a moratorium application in Singapore Court and as part of the restructuring, aims to engage with a white knight to provide capital and pursue partnerships and collaborations.
The cyberattack on July 18 resulted in a large volume of ERC-20 tokens being stolen. About Rs 2,000 crore worth of user funds were lost.
Last month, Google subsidiary Mandiant Solutions provided a clean chit to the crypto exchange, but digital assets security firm Liminal Custody questioned the scope and methodology of the audit.
When asked about it, Nischal Shetty, WaxirX Founder and CEO told TNIE. "It's just three laptops that we used for accessing the liminal website. Our infrastructure was not impacted or involved in this process. We gave the entire laptop image and data to the forensic team, we have even provided this to the right authorities."
He added that there is nothing beyond the laptop image that exists with us since nothing else on our end was used for accessing the Liminal website except these three laptops.
George Gwee, director of restructuring at Kroll and Jason Kardachi, MD of Kroll, also addressed the conference. Kroll is the financial advisor and according to them, customers will receive returns of 55 per cent to 57 per cent of the funds. This means, 43 per cent of the money would not be able to recover.
However, Shetty added that they are in the negotiation and the ideation stage. The exchange also has an ownership dispute with Binance. While Zanmai India operates WazirX, Zettai is Singapore-incorporated, and it has applied for a moratorium.
The exchange also explained that restructuring is not insolvency, liquidation or bankruptcy. It is a plan to distribute assets to users in a pro-rata, equitable way, and in crypto (not fiat); and it allows users who need liquidity urgently to withdraw crypto more quickly and not exit the restructuring.
Since Zanmai was not affected by the cyberattack, the platform reopened INR withdrawals up to a limit of 66 per cent. The remaining INR are frozen due to ongoing disputes, and investigations by various Indian Law Enforcement Agencies and will be made available for withdrawal as and when they are unfrozen, the crypto exchange informed.

Stolen cryptocurrency funds are reportedly funding more than half of North Korea's nuclear and missile programs.
Study Reveals Massive Crypto Crime
A recent study by Microsoft revealed that North Korean hackers have stolen over $3 billion in cryptocurrency since 2017. In 2023 alone, the amount stolen in crypto ranges between $600 million and $1 billion.
The 2024 Microsoft Digital Defense Report highlights the complexity of global cyber threats, driven by the rising number of crypto-targeted attacks.
Cryptocurrencies Financing North Korea’s Weapons Programs
According to the report, the stolen crypto funds are allegedly used to finance more than half of North Korea's nuclear and missile programs. Anne Neuberger, the White House National Security Advisor, noted that North Korea is increasingly relying on these tactics.
North Korea uses cryptocurrencies to evade international sanctions and support its ambitions to project geopolitical power through nuclear weapons and ballistic missiles.
Major North Korean Hacking Groups
Since 2023, Microsoft has identified three key North Korean hacking groups: Jade Sleet, Sapphire Sleet, and Citrine Sleet. These groups have been particularly active in targeting organizations dealing with cryptocurrencies.
Additionally, a new North Korean threat actor, Moonstone Sleet, developed its own ransomware called FakePenny. This ransomware was deployed in defense and aerospace organizations after extracting sensitive data from compromised networks.
Microsoft analysts noted that the emergence of these threat groups signals an increasing reliance on cybercrime to bolster North Korea's financial resources.
Other Threats: Iranian and Russian Hacking Groups
In addition to North Korean hackers, the Microsoft report identified Iranian threat actors who are increasingly using cyber operations for financial gain.
The report points out that this marks a shift from previous behavior, where ransomware attacks that appeared financially motivated were actually destructive.
Iran has heavily focused on Israel, especially after the outbreak of the war between Israel and Hamas. Iranian actors are also targeting the United States and Gulf countries, including the United Arab Emirates and Bahrain.
Meanwhile, Russian hacking groups have been integrating more commodity malware into their operations and supporting cyber espionage efforts for criminal organizations.
#cyberattacks , #Cryptoscam , #digitalsecurity ,#northkorea , #CryptoNews🚀🔥

Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies!

Notice:
,,The information and views presented in this article are intended solely for educational purposes and should not be taken as investment advice in any situation. The content of these pages should not be regarded as financial, investment, or any other form of advice. We caution that investing in cryptocurrencies can be risky and may lead to financial losses.“

WASHINGTON, Aug 10 - Donald #Trump's U.S. presidential campaign said on Saturday some of its internal communications were hacked and blamed the Iranian government, citing past hostilities between Trump and Iran without providing direct evidence.
The Republican's campaign statement came shortly after news website Politico reported it had begun receiving emails in July from an anonymous source offering authentic documents from inside Trump's operation, including a report about running mate JD Vance's "potential vulnerabilities."
"These documents were obtained illegally from foreign sources hostile to the United States, intended to interfere with the 2024 election and sow chaos throughout our Democratic process," Trump campaign spokesperson Steven Cheung said in a statement.
Late on Saturday, Trump posted on his Truth Social app that Microsoft (MSFT.O), opens new tab had just informed the campaign that Iran had hacked one of its websites. He cast blame on #Iran , adding they were "only able to get publicly available information." He did not elaborate further on the hack.
Reuters has not independently verified the identity of the alleged hackers or their motivation.
The Trump campaign referred to a Friday report from Microsoft researchers that said Iranian government-tied hackers tried breaking into the account of a "high-ranking official" on a U.S. presidential campaign in June. The hackers had taken over an account belonging to a former political advisor and then used it to target the official, the report said. That report did not provide further details on the targets' identities.
A Microsoft spokesperson declined to name the targeted officials or provide additional details after the report was published.
Iran's permanent mission to the United Nations in New York said in an email that "the Iranian government neither possesses nor harbors any intent or motive to interfere in the United States presidential election."
"We do not accord any credence to such reports," it added in response to the Trump campaign's allegations.
On Friday, in response to Microsoft's findings, Iran's U.N. mission told its cyber capabilities were "defensive and proportionate to the threats it faces," and that it had no plans to launch cyberattacks.
The former president had tense relations with Iran while in office. Under Trump, the United States killed Iranian military commander Qassem Soleimani in 2020 and withdrew from a multilateral Iran nuclear deal.

#MarketDownturn #Write2Earn! #cyberattacks