U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

FBI identifies wallets holding cryptocurrency funds stolen by North Korea

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million. The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat actors. The wallets hold roughly 1,580 Bitcoin (roughly $41 million at the current rate) that […]

North Korea Lazarus APT

The U.S. FBI warned that North Korea-linked threat actors may attempt to cash out stolen cryptocurrency worth more than $40 million.

The Federal Bureau of Investigation shared details about the activity of six cryptocurrency wallets operated by North Korea-linked threat actors.

The wallets hold roughly 1,580 Bitcoin (roughly $41 million at the current rate) that the feds believe are linked to the recent theft of hundreds of millions of dollars in cryptocurrency.

The FBI believes that the North Korea-linked hackers may attempt to cash out the stolen funds.

“The FBI is warning cryptocurrency companies of recent blockchain activity connected to the theft of hundreds of millions of dollars in cryptocurrency. Over the last 24 hours, the FBI tracked cryptocurrency stolen by the Democratic People’s Republic of Korea (DPRK) TraderTraitor-affiliated actors (also known as Lazarus Group and APT38).” reads the FBI’s alert. “The FBI believes the DPRK may attempt to cash out the bitcoin worth more than $40 million dollars.”

The investigation conducted by the FBI revealed that the TraderTraitor-affiliated actors moved approximately 1,580 bitcoin from several cryptocurrency heists to the following wallets:

  • 3LU8wRu4ZnXP4UM8Yo6kkTiGHM9BubgyiG
  • 39idqitN9tYNmq3wYanwg3MitFB5TZCjWu
  • 3AAUBbKJorvNhEUFhKnep9YTwmZECxE4Nk
  • 3PjNaSeP8GzLjGeu51JR19Q2Lu8W2Te9oc
  • 3NbdrezMzAVVfXv5MTQJn4hWqKhYCTCJoB
  • 34VXKa5upLWVYMXmgid6bFM4BaQXHxSUoL

TraderTraitor-affiliated hackers stole $100 million from Atomic Wallet in June, $60 million from Alphapo, and $37 million from CoinsPaid in July.

North Korea-linked APT groups have focused their previous operations on the theft of crypto assets. Researchers attributed the hack of Harmony’s Horizon bridge and Sky Mavis’ Ronin Bridge to North Korea-linked threat actors.

“Private sector entities should examine the blockchain data associated with these addresses and be vigilant in guarding against transactions directly with, or derived from, the addresses. The FBI will continue to expose and combat the DPRK’s use of illicit activities—including cybercrime and virtual currency theft—to generate revenue for the regime.” FBI concludes.

In 2018, the Lazarus APT group targeted several cryptocurrency exchanges, including the campaign tracked as Operation AppleJeus discovered in August 2018. At the time, North Korea-linked Lazarus APT group leveraged for the first time on a MacOS variant of the Fallchill malware.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, North Korea)