
In a recent cybersecurity report by Unit 42, a North Korean state-sponsored threat group known as Slow Pisces (aka Jade Sleet, TraderTraitor, PUKCHONG) has been identified targeting large organizations in the cryptocurrency sector. The group’s primary objective is to generate revenue for the Democratic People’s Republic of Korea (DPRK) regime, and their tactics have evolved to include sophisticated social engineering and malware deployment.
Slow Pisces’s latest campaign involves engaging with cryptocurrency developers on LinkedIn, posing as potential employers. The initial contact involves sending a benign PDF containing a job description to potential targets. If the target shows interest, they are presented with a coding challenge in the form of a “question sheet” that contains a link to a GitHub repository.
These repositories, while seemingly legitimate, contain malicious code disguised as part of the project. The malware, identified as RN Loader and RN Stealer, infects the developer’s system when they attempt to run the compromised project.
The attack chain involves a multi-stage process:

- PDF Lures: The initial contact is made through LinkedIn with a PDF containing a job description.
- GitHub Repositories: The “question sheet” PDF lures developers to GitHub repositories containing malicious code.
- C2 Server: The Command-and-Control (C2) server plays a crucial role in delivering the final payload.
The report highlights that “the threat actors only send a malicious payload to validated targets, likely based on IP address, geolocation, time and HTTP request headers.” This indicates a selective approach in which the attackers vet their victims before deploying the actual malware; a request from an analysis environment that does not match the expected profile may receive only benign content.
Significant financial losses in the cryptocurrency sector have been attributed to the Slow Pisces group. “The group reportedly stole over $1 billion USD from the cryptocurrency sector in 2023,” indicating the scale of its operations.
Furthermore, the group’s activities have drawn the attention of law enforcement and cybersecurity experts globally. In December 2024, the FBI attributed a $308 million theft from a Japan-based cryptocurrency company to Slow Pisces. More recently, the group was allegedly involved in the theft of $1.5 billion from a Dubai cryptocurrency exchange.
In conclusion, the Slow Pisces campaign demonstrates the evolving tactics of state-sponsored threat groups targeting the cryptocurrency sector. By combining social engineering with sophisticated malware deployment techniques, these groups pose a significant threat to organizations and individuals alike.