Research: North Korean hackers use fake job opportunities to invade cloud systems, stealing $1.6 billion in cryptocurrency this year
According to Decrypt, a study by Google Cloud and cybersecurity company Wiz shows that North Korean hacker groups are infiltrating cloud systems through fake IT job offers and are expected to steal $1.6 billion worth of cryptocurrency by 2025. The research shows that a hacker team tracked as UNC4899 (also known as TraderTraitor, Jade Sleet, or Slow Pisces) impersonated recruiters on social media, lured employees of target companies into running malicious programs, successfully hacked into Google Cloud and AWS systems, and hijacked cryptocurrency trading hosts. Wiz stated that TraderTraitor represents a certain type of threat activity rather than a specific group, and that North Korean-backed entities such as Lazarus Group, APT38, BlueNoroff, and Stardust Chollima are typical masterminds behind TraderTraitor attacks. This attack pattern has continued to evolve since 2020: early use of JavaScript to build malicious encrypted applications, the introduction of open-source code vulnerability exploitation in 2023, and targeted attacks on exchange cloud infrastructure in 2024, including the intrusion that caused a loss of $305 million for Japan's DMM Bitcoin. Experts point out that North Korean hackers are the first to use AI technology to generate phishing emails and malicious scripts, and that their attack teams may number in the thousands.