North Korean hackers siphon more than $12 million from crypto users in sprawling campaign

Expel investigators, led by Marcus Hutchins, revealed a North Korean-linked campaign dubbed HexagonalRodent that stole up to $12 million from web developers by infecting personal devices and siphoning crypto from thousands of wallets. The group used malware strains such as BeaverTail, OtterCookie and InvisibleFerret, lured targets with fake LinkedIn job offers and generative-AI-created companies, and operated infrastructure to exfiltrate credentials and drain funds.

Key points

  • Expel linked the HexagonalRodent operation to North Korean state-backed actors tracked as Famous Chollima.
  • The campaign stole up to $12 million from 26,584 cryptocurrency wallets on 2,726 infected systems.
  • Attackers deployed multiple malware strains, including BeaverTail, OtterCookie and InvisibleFerret, to harvest credentials and wallet data.
  • Operators social-engineered Web3 developers with fake LinkedIn job offers and sham companies created using generative AI.
  • HexagonalRodent reportedly consisted of 31 hackers across six teams, with evidence of splinter groups and ongoing DPRK activity targeting macOS and crypto platforms.

Read More: https://therecord.media/north-korean-hackers-siphon-12-million-from-crypto-users