Security firm reports suspected North Korean hackers targeting crypto firms

KuCoinFlash

Release Time: 03/09/2026 03:16:38

Summary

A security breach was reported on March 9, 2026, after Ctrl-Alt-Intel revealed suspected North Korean hackers targeting crypto exchange news platforms, staking services, and software vendors. The attackers exploited the React2Shell vulnerability and stolen AWS credentials to gain access to cloud environments, extracting keys and source code from multiple systems. The compromised data included ChainUp components, Docker images, and Kubernetes configurations. Attack infrastructure linked to a South Korean server and the domain itemnania.com was identified. Researchers associate the activity with North Korean tactics, but the origin of the AWS credentials remains unclear.

BlockBeats report, March 9: The security research firm Ctrl-Alt-Intel disclosed that a group of hackers suspected of being linked to North Korea launched attacks against staking platforms, exchange software vendors, and cryptocurrency exchanges. The attackers exploited the React2Shell vulnerability (CVE-2025-55182) and compromised AWS access credentials to infiltrate cloud environments, enumerated resources such as S3, EC2, RDS, EKS, and ECR, and extracted keys and credentials from Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers.

Researchers stated that the attackers downloaded five Docker images and stole source code, including software components related to ChainUp customers. The attack infrastructure involved the Korean server 64.176.226[.]36 and the domain itemnania[.]com. The activity is consistent with characteristics associated with North Korean attacks, though attribution confidence is moderate, and the origin of the AWS credentials remains unclear.

Source:Show original

Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information. Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.