ExchangeDEX+

Buy Crypto Markets Spot Futures500X Earn Events

Gold Bar & BTC Giveaway2000g

PANews reported on December 5th that, according to Hackread.com, cybersecurity firm Hudson Rock discovered an infected device while analyzing logs from the LummaC2 information-stealing malware. The operator is suspected to be a malware developer within a North Korean state-sponsored hacking group. This device was previously used to build the infrastructure that supported the $1.4 billion theft from the cryptocurrency exchange Bybit in February 2025. Analysis revealed that the credentials found on the device were linked to domains registered before the attack and used to impersonate Bybit. The device itself was high-end, equipped with development tools such as Visual Studio and Enigma Protector, as well as communication and data storage applications like Astrill VPN, Slack, and Telegram. Its activity also indicated that the attackers purchased the domains and prepared fake Zoom installers to carry out phishing attacks. This discovery provides rare insights into the internal workings of asset sharing within North Korean-backed hacking operations.PANews reported on December 5th that, according to Hackread.com, cybersecurity firm Hudson Rock discovered an infected device while analyzing logs from the LummaC2 information-stealing malware. The operator is suspected to be a malware developer within a North Korean state-sponsored hacking group. This device was previously used to build the infrastructure that supported the $1.4 billion theft from the cryptocurrency exchange Bybit in February 2025. Analysis revealed that the credentials found on the device were linked to domains registered before the attack and used to impersonate Bybit. The device itself was high-end, equipped with development tools such as Visual Studio and Enigma Protector, as well as communication and data storage applications like Astrill VPN, Slack, and Telegram. Its activity also indicated that the attackers purchased the domains and prepared fake Zoom installers to carry out phishing attacks. This discovery provides rare insights into the internal workings of asset sharing within North Korean-backed hacking operations.

Security firm: LummaC2 virus infected North Korean hacking devices linked to the Bybit theft.

2025/12/05 22:50

Analysis revealed that the credentials found on the device were linked to domains registered before the attack and used to impersonate Bybit. The device itself was high-end, equipped with development tools such as Visual Studio and Enigma Protector, as well as communication and data storage applications like Astrill VPN, Slack, and Telegram. Its activity also indicated that the attackers purchased the domains and prepared fake Zoom installers to carry out phishing attacks. This discovery provides rare insights into the internal workings of asset sharing within North Korean-backed hacking operations.

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.