$285 Million Drift Hack Traced to Six-Month DPRK Social Engineering Operation
"The basis for this connection is both on-chain (fund flows used to stage and test this operation trace back to the Radiant attackers) and operational (personas deployed across this campaign have identifiable overlaps with known DPRK-linked activity)."
"The adversary typically conducts smaller-value thefts at a more consistent operational tempo, suggesting responsibility for ensuring baseline revenue generation for the DPRK regime."
"Despite improving trade relations with Russia, the DPRK requires additional revenue to fund ambitious military plans that include constructing new destroyers, building nuclear-powered submarines, and launching additional reconnaissance satellites."
The April 1, 2026, theft of $285 million from Drift was carried out by UNC4736, a North Korean hacking group, following a six-month social engineering operation. The group has targeted the cryptocurrency sector since 2018; notable past incidents include the X_TRADER/3CX breach and the $53 million hack of Radiant Capital. Drift's analysis links the operation to DPRK activity on two grounds: on-chain fund flows and the personas used in the campaign. CrowdStrike describes Golden Chollima, an offshoot of Labyrinth Chollima, as focused on cryptocurrency theft from small fintech firms across various countries.
Read at The Hacker News