[Hudson Rock Discovers North Korean Hacker Device Infected with LummaC2 Virus Linked to Bybit Theft]
While analyzing logs from the LummaC2 information-stealing malware, cybersecurity company Hudson Rock discovered a device suspected to be operated by a member of a North Korean state-sponsored hacking group. The device was used to build infrastructure supporting the $1.4 billion theft from the cryptocurrency exchange Bybit in February 2025. Credentials stored on the device were linked to domains impersonating Bybit that were registered prior to the attack. The device had development tools such as Visual Studio and Enigma Protector installed, along with the applications Astrill VPN, Slack, and Telegram, which were used for communication and data storage. The attackers also purchased domains and prepared fake Zoom installers to carry out phishing attacks. The discovery reveals details of asset-sharing operations within North Korean-supported hacking activities.