HIDDENCOBRA (APT38) Responsible for 100M USD Cyberheist Against Blockchain Provider

Read Time:1 Minute, 30 Second

Earlier the FBI announced that HIDDEN COBRA (also known as APT38/LAZARUS) is behind the latest cyberheist of 100M against cryptocurrency blockchain provider Horizon Bridge, which is a U.S. based startup owned by Harmony. The assets stolen by Lazarus were cryptocurrency coins – Ethereum, Binance Coin, Tether, USD Coin, and DAI.HIDDEN COBRA is a state sponsored organization headed by the North Korean government.What are the Technical Details of this Attack?HIDDEN COBRA used a combination of targeted attacks, specifically spearphishing campaigns designed to compel a user into unknowingly installing malware. Dubbed TraderTraitor, HIDDEN COBRA used fake recruitment efforts in the cryptocurrency space; using offers and templates designed to entice those working in positions in targeted companies within. They used the AppleJeus malware which was disguised as legitimate cryptocurrency applications. Targets included individuals and companies within the cryptocurrency exchange and financial service sectors.Who is HIDDEN COBRA/LAZARUS/APT38?HIDDEN COBRA has been linked to multiple high-profile, financially-motivated attacks in various parts of the world – some of which have caused massive infrastructure disruptions. Notable attacks include the 2014 attack on a major entertainment company and a 2016 Bangladeshi financial institution heist that almost netted nearly $1 Billion (USD) for the attackers. Had it not been for a misspelling in an instruction that caused a bank to flag and block thirty transactions, HIDDEN COBRA would have pulled off a heist unlike any other. Although HIDDEN COBRA failed in their attempt, they were still able to net around 81 million dollars in total.What Protections are Available?Fortinet customers running the latest (AV) definitions are protected by the following signatures:OSX/NukeSped.JRiskware/AlticGORiskware/DAFOMRiskware/CryptAISRiskware/TokenAISOSX/NukeSped.AA!trW64/Agent.IN!trW32/OSX_Nukesped.J!tr.bdrOSX/NukeSped.J!trAll network IOC’s are blocked by the WebFiltering Client.

CISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration

Casino Players Using Hidden Cameras for Cheating

Friday Squid Blogging: Squid on Pizza

Scams Based on Fake Google Emails

Infostealers Dominate as Lumma Stealer Detections Soar by Almost 400%

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

HIDDENCOBRA (APT38) Responsible for 100M USD Cyberheist Against Blockchain Provider

icecat-flatpak-115.18.0-2

mupdf-1.24.6-2.fc40

mupdf-1.21.1-6.el9

DSA-5837-1 fastnetmon – security update

DSA-5836-1 xen – security update

DSA-5835-1 webkit2gtk – security update