HIDDENCOBRA (APT38) Responsible for 100M USD Cyberheist Against Blockchain Provider

Read Time:1 Minute, 30 Second

Earlier the FBI announced that HIDDEN COBRA (also known as APT38/LAZARUS) is behind the latest cyberheist of 100M against cryptocurrency blockchain provider Horizon Bridge, which is a U.S. based startup owned by Harmony. The assets stolen by Lazarus were cryptocurrency coins – Ethereum, Binance Coin, Tether, USD Coin, and DAI.HIDDEN COBRA is a state sponsored organization headed by the North Korean government.What are the Technical Details of this Attack?HIDDEN COBRA used a combination of targeted attacks, specifically spearphishing campaigns designed to compel a user into unknowingly installing malware. Dubbed TraderTraitor, HIDDEN COBRA used fake recruitment efforts in the cryptocurrency space; using offers and templates designed to entice those working in positions in targeted companies within. They used the AppleJeus malware which was disguised as legitimate cryptocurrency applications. Targets included individuals and companies within the cryptocurrency exchange and financial service sectors.Who is HIDDEN COBRA/LAZARUS/APT38?HIDDEN COBRA has been linked to multiple high-profile, financially-motivated attacks in various parts of the world – some of which have caused massive infrastructure disruptions. Notable attacks include the 2014 attack on a major entertainment company and a 2016 Bangladeshi financial institution heist that almost netted nearly $1 Billion (USD) for the attackers. Had it not been for a misspelling in an instruction that caused a bank to flag and block thirty transactions, HIDDEN COBRA would have pulled off a heist unlike any other. Although HIDDEN COBRA failed in their attempt, they were still able to net around 81 million dollars in total.What Protections are Available?Fortinet customers running the latest (AV) definitions are protected by the following signatures:OSX/NukeSped.JRiskware/AlticGORiskware/DAFOMRiskware/CryptAISRiskware/TokenAISOSX/NukeSped.AA!trW64/Agent.IN!trW32/OSX_Nukesped.J!tr.bdrOSX/NukeSped.J!trAll network IOC’s are blocked by the WebFiltering Client.

FBI Asks for Help Tracking Chinese Salt Typhoon Actors

Government Set to Ban SIM Farms in European First

Friday Squid Blogging: Squid Facts on Your Phone

Law Enforcement Crackdowns Drive Novel Ransomware Affiliate Schemes

SAP Fixes Critical Vulnerability After Evidence of Exploitation

M&S Shuts Down Online Orders Amid Ongoing Cyber Incident

Security Experts Flag Chrome Extension Using AI Engine to Act Without User Input

Cryptocurrency Thefts Get Physical

US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures

HIDDENCOBRA (APT38) Responsible for 100M USD Cyberheist Against Blockchain Provider

USN-7464-1: Jupyter Notebook vulnerability

[IWCC 2025] CfP: 14th International Workshop on Cyber Crime – Ghent, Belgium, Aug 11-14, 2025

Inedo ProGet Insecure Reflection and CSRF Vulnerabilities

Ruby on Rails Cross-Site Request Forgery

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

kappanhang-0-0.3.20250427gitdffb773.fc41