Security Firm Links Suspected North Korea Campaign to Crypto Platforms via React2Shell Exploit

Security research firm CtrlAltIntel reported on March 9 that a hacking group allegedly tied to North Korea targeted staking platforms, exchange software vendors, and cryptocurrency exchanges by exploiting the React2Shell vulnerability (CVE-2025-55182) and abusing compromised AWS access credentials. The attackers accessed cloud environments, enumerated resources including S3, EC2, RDS, EKS, and ECR, and pulled keys and credentials from AWS Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers. Researchers said the group downloaded five Docker images and exfiltrated source code, including software components linked to ChainUp customers, using infrastructure that relied on the Korean server 64.176.226[.]36 and the domain itemnania[.]com. CtrlAltIntel noted that the tactics and infrastructure align with activity previously associated with North Korean operations, but emphasized that attribution confidence remains moderate and the source of the AWS credentials is still unknown.
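The access pattern the report describes, one credential enumerating S3, EC2, RDS, EKS and ECR and then reading Secrets Manager and pulling ECR images, is something a defender can hunt for in CloudTrail. The following is an added example, not code from CtrlAltIntel or from the report; the CloudTrail records, access key IDs, window and threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import json


def _ev(t, source, name, key):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": t, "eventSource": source, "eventName": name,
            "userIdentity": {"accessKeyId": key}}


# Constructed sample log: key A sweeps five services, reads a secret and pulls
# an image within minutes; key B does routine work and reads one secret.
SAMPLE_EVENTS = [
    _ev("2026-03-01T10:00:00Z", "s3.amazonaws.com", "ListBuckets", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T10:01:00Z", "ec2.amazonaws.com", "DescribeInstances", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T10:02:00Z", "rds.amazonaws.com", "DescribeDBInstances", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T10:03:00Z", "eks.amazonaws.com", "ListClusters", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T10:04:00Z", "ecr.amazonaws.com", "DescribeRepositories", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T10:06:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T10:09:00Z", "ecr.amazonaws.com", "BatchGetImage", "AKIA_CONSTRUCTED_A"),
    _ev("2026-03-01T11:00:00Z", "ec2.amazonaws.com", "DescribeInstances", "AKIA_CONSTRUCTED_B"),
    _ev("2026-03-01T11:05:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", "AKIA_CONSTRUCTED_B"),
]

# Services whose enumeration the report lists, and the follow-on reads that
# turn enumeration into credential or image theft.
ENUM_SOURCES = {"s3.amazonaws.com", "ec2.amazonaws.com", "rds.amazonaws.com",
                "eks.amazonaws.com", "ecr.amazonaws.com"}
PULL_EVENTS = {("secretsmanager.amazonaws.com", "GetSecretValue"),
               ("ecr.amazonaws.com", "BatchGetImage"),
               ("ecr.amazonaws.com", "GetDownloadUrlForLayer")}


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def find_suspicious_keys(events, window=timedelta(minutes=30), min_sources=3):
    """Flag access keys that enumerate >= min_sources distinct services inside
    `window` before a secret read or image pull. Returns {key: summary}."""
    by_key = defaultdict(list)
    for e in events:
        by_key[e["userIdentity"].get("accessKeyId", "unknown")].append(e)
    hits = {}
    for key, evs in by_key.items():
        evs.sort(key=lambda e: _ts(e["eventTime"]))
        for i, e in enumerate(evs):
            if (e["eventSource"], e["eventName"]) not in PULL_EVENTS:
                continue
            t_pull = _ts(e["eventTime"])  # look back from each pull event
            seen = {p["eventSource"] for p in evs[:i]
                    if p["eventSource"] in ENUM_SOURCES
                    and t_pull - _ts(p["eventTime"]) <= window}
            if len(seen) >= min_sources:
                h = hits.setdefault(key, {"enumerated": set(), "pulls": []})
                h["enumerated"] |= seen
                h["pulls"].append(e["eventName"])
    return {k: {"enumerated": sorted(v["enumerated"]), "pulls": v["pulls"]}
            for k, v in hits.items()}


if __name__ == "__main__":
    print(json.dumps(find_suspicious_keys(SAMPLE_EVENTS), indent=2))
```

On real data, feed the records from a CloudTrail export or Athena query in place of SAMPLE_EVENTS and tune the window and threshold to the account's normal automation.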