Security Firm Uncovers North Korea–Linked Attack on Crypto Infrastructure

2026/03/09 17:00

Security firm Ctrl-Alt-Intel reports suspected North Korea-linked hackers targeted crypto platforms using React2Shell and AWS credentials.

Security researchers have reported a cyber campaign targeting companies linked to crypto infrastructure.

The activity focused on staking platforms, exchange software providers, and crypto trading services.

Security firm Ctrl-Alt-Intel said the operation used cloud access and software vulnerabilities to obtain sensitive data from targeted systems.

Attack Targeted Crypto Infrastructure Providers

Security firm Ctrl-Alt-Intel said attackers focused on companies that support crypto services.

These included staking platforms, crypto exchanges, and firms that develop exchange software.

Researchers said the attackers attempted to access cloud environments and internal systems.

These systems often store operational data and software used by crypto trading platforms.

The campaign targeted technology providers connected to exchange infrastructure. Such firms often supply backend software used by multiple trading platforms.

Ctrl-Alt-Intel reported that attackers attempted to extract sensitive credentials and internal files. The activity aimed to obtain information that could help access production systems.

The firm stated that the attack affected infrastructure linked to several crypto platforms.

Investigators believe the operation aimed to gain deeper access into the crypto service supply chain.

Researchers said that infrastructure providers can become attractive targets because they manage systems used by multiple companies.

React2Shell and AWS Credentials Used in Intrusion

The investigation found that attackers exploited a vulnerability known as React2Shell. This flaw allowed them to interact with systems running vulnerable software components.

Through this method, attackers were able to gain access to cloud resources. Once inside, they searched for stored credentials and configuration data.

The report said that AWS credentials were also used during the intrusion. These credentials allowed attackers to interact with cloud services and internal environments.

Researchers believe the attackers attempted to obtain encryption keys and login credentials. Such information could provide access to protected infrastructure.

The attackers also extracted technical resources from targeted systems. According to the report, they exfiltrated five Docker images and source code from internal repositories.

Some of the extracted materials included components linked to ChainUp clients. ChainUp provides exchange infrastructure used by several crypto trading platforms.

The report stated that obtaining such files may help attackers study platform architecture and system design.

Infrastructure and Attribution Details

The investigation identified technical infrastructure linked to the activity. Researchers traced some operations to a server located in South Korea.

The server used the address 64.176.226[.]36, according to the report. Investigators also identified the domain itemnania[.]com connected to the campaign.
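The two indicators above can be checked against existing network and DNS logs. The following is an added example, not code from the Ctrl-Alt-Intel report: the log lines are constructed samples, and the function names are hypothetical.

```python
import ipaddress
import re

# Indicators exactly as published in the article (defanged form).
DEFANGED_IOCS = ["64.176.226[.]36", "itemnania[.]com"]
TOKEN = re.compile(r"[A-Za-z0-9][A-Za-z0-9.\-]*")

def build_ioc_sets(defanged):
    """Refang the indicators and split them into IP addresses and domains."""
    ips, domains = set(), set()
    for item in defanged:
        value = item.replace("[.]", ".").lower()
        try:
            ips.add(ipaddress.ip_address(value))
        except ValueError:
            domains.add(value.rstrip("."))
    return ips, domains

def match_line(line, ips, domains):
    """Return the sorted indicators present in one log line.

    IPs are compared as parsed addresses and domains on label boundaries,
    so 164.176.226.36 or notitemnania.com do not produce false hits,
    while subdomains such as cdn.itemnania.com do match.
    """
    hits = set()
    for token in TOKEN.findall(line.lower()):
        token = token.strip(".-")
        try:
            if ipaddress.ip_address(token) in ips:
                hits.add(token)
            continue
        except ValueError:
            pass
        hits.update(d for d in domains if token == d or token.endswith("." + d))
    return sorted(hits)

def scan(lines):
    """Return (line_number, indicators) for every line with a hit."""
    ips, domains = build_ioc_sets(DEFANGED_IOCS)
    return [(n, h) for n, line in enumerate(lines, 1)
            if (h := match_line(line, ips, domains))]

# Constructed sample log lines (flow-log, DNS and proxy styles), not real data.
SAMPLE_LOGS = [
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 64.176.226.36 44321 443 6 10 840 ACCEPT OK",
    "2 123456789012 eni-0a1b2c3d 10.0.1.5 164.176.226.36 44321 443 6 10 840 ACCEPT OK",
    "query: cdn.itemnania.com. IN A from 10.0.1.5",
    "query: notitemnania.com. IN A from 10.0.1.5",
    "CONNECT itemnania.com:443 src=10.0.1.9 dst=64.176.226.36",
]
print(scan(SAMPLE_LOGS))
```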

Security analysts said the attack patterns showed similarities to previous operations linked to North Korea. These campaigns have often targeted financial platforms and digital asset services.

Ctrl-Alt-Intel said the attribution level remains moderate. The researchers explained that the origin of the AWS credentials used in the operation remains unclear.

Because of this uncertainty, investigators have not confirmed the full source of the intrusion. They said further monitoring is required to understand the campaign’s scope.

Security firms continue to monitor activity linked to crypto infrastructure attacks.

Researchers note that cloud access and software supply chains remain frequent targets for cyber groups operating in the digital asset sector.

The post Security Firm Uncovers North Korea–Linked Attack on Crypto Infrastructure appeared first on Live Bitcoin News.
