News
North Korean hackers stole millions of dollars in cryptocurrencies. Their work was impeccable
- March 10, 2026
- Updated: March 11, 2026 at 10:21 AM
A North Korean threat actor known as UNC4899 is suspected of carrying out a cloud compromise campaign that targeted a cryptocurrency organization in 2025, with the aim of stealing millions of dollars.
This activity, moderately attributed to a state-sponsored adversary, is also tracked under the cryptonyms Jade Sleet, PUKCHONG, Slow Pisces, and TraderTraitor.
Ocean’s 14
According to Google’s Cloud Threat Horizons Report, this incident stands out for its complex combination of social engineering and exploitation of data transfer mechanisms between personal and corporate devices. The attackers tricked a developer into downloading a malicious file under the guise of a supposed open-source collaboration, which then allowed unauthorized access to their corporate machine and, subsequently, to the cloud infrastructure.
Once inside the cloud environment, attackers abused legitimate DevOps workflows to steal credentials and manipulate Cloud SQL databases, thereby facilitating cryptocurrency theft. Through modifications to Kubernetes configurations and the execution of malicious commands, the attackers managed to establish a persistent presence in the environment, employing techniques known as “living-off-the-cloud” (LoTC).
This incident highlights the critical risks associated with data transfer methods between personal and corporate devices, as well as the unsecured handling of secrets in a cloud environment. In response, organizations are advised to implement a defense-in-depth strategy that includes rigorous identity validation, restrictions on data transfer, and isolation within cloud execution environments to mitigate damage in the event of an intrusion event.
Experts warn about the importance of adopting policies that discourage the use of external devices and insecure connections, such as file sharing via AirDrop or Bluetooth, to protect the critical infrastructure of organizations against increasingly sophisticated threats.
Journalist specialized in technology, entertainment and video games. Writing about what I'm passionate about (gadgets, games and movies) allows me to stay sane and wake up with a smile on my face when the alarm clock goes off. PS: this is not true 100% of the time.
Latest from Chema Carvajal Sarabia
- Can the first stars of the universe be found? They believe they have found them 80,000 light-years from Earth
- This streaming platform has just released the most anticipated anime of this spring and it is absolutely crazy
- We have been able to see the new Harry Potter series from HBO months before its premiere and it looks good… and has some downsides
- The sequel to The Devil Wears Prada could be a box office hit: more than 60 million dollars are projected for its opening weekend
You may also like
NewsCan the first stars of the universe be found? They believe they have found them 80,000 light-years from Earth
Read more
NewsThis streaming platform has just released the most anticipated anime of this spring and it is absolutely crazy
Read more
NewsWe have been able to see the new Harry Potter series from HBO months before its premiere and it looks good… and has some downsides
Read more
NewsThe sequel to The Devil Wears Prada could be a box office hit: more than 60 million dollars are projected for its opening weekend
Read more
NewsThe stars of Malcolm in the Middle have the secret to a lasting marriage: good sex
Read more
NewsThe next great adventure manga takes place in the Pleistocene and is by the mangaka who is writing Berserk
Read more