Another insightful read on North Korea's cyber activities

A machine operated by the Lazarus APT group and linked to the $1.4 billion theft from Bybit was itself infected with the LummaC2 infostealer

Hudson Rock connected the dots:

  • Infrastructure Link: trevorgreer9312gmail.com found on the infected machine was used to register the domain bybit-assessment[.]com just hours before the theft
  • MalDev Pipeline: the machine's malware-development toolchain included Visual Studio Pro 2019 and Enigma Protector v7.40
  • Attribution Paradox: Traffic was routed through a US IP; browser settings were forced to Chinese-Simplified, but translation history showed queries converting text to Korean
  • Financial Motives: Activity logs indicate a strong focus on crypto, including MetaMask and BitPay