Security Company: LummaC2 Malware Infected North Korean Hacker's Device Linked to Bybit Theft
According to Hackread.com, cybersecurity company Hudson Rock discovered an infected device while analyzing logs from the LummaC2 information-stealing malware. The device's operator is suspected to be a malware developer in a North Korean state-supported hacking group.
The device was used to build the infrastructure for the $1.4 billion theft from the cryptocurrency exchange Bybit in February 2025. Analysis revealed that credentials found on the device were linked to domains that were registered before the attack and used to impersonate Bybit. The device itself was high-end and equipped with development tools such as Visual Studio and Enigma Protector, as well as communication and data storage applications such as Astrill VPN, Slack, and Telegram. Activity traces also showed that the attacker purchased related domains and prepared a fake Zoom installer for phishing attacks. This rare discovery sheds light on the internal workings of asset sharing in North Korean-supported hacker operations.