Incidents

222 incidents

2020-09
KuCoin suffered a September 2020 exchange breach in which attackers gained access to hot-wallet private keys and stole cryptocurrency, with reported losses ranging from at least $150 million to roughly $275-$280 million. Chainalysis attributed the hack to…
🇸🇬 Singapore
#Cryptocurrency #FinancialGain
2020-09
Unibright reported unexpected token movements after unauthorized access led to calls against token lock-contract transfer functions targeting addresses tied to a company HD wallet. ZachXBT later included Unibright among cryptocurrency hacks traced to Laza…
🇩🇪 Germany
#Cryptocurrency #FinancialGain
2020-09
Slovakian cryptocurrency exchange Eterbase was compromised in September 2020, with attackers stealing about $5.4 million from six internet-connected hot wallets holding Bitcoin, Ethereum, XRP, Tezos, Algorand, and TRON. Reuters reported that Lazarus used …
🇸🇰 Slovakia
#Cryptocurrency #FinancialGain
2020-08
CoinBerry was described in linked evidence as a reported hot-wallet incident around 2020-08-24 in which approximately 8.33 BTC was allegedly taken, followed by a pause in withdrawals and later resumed use of the same wallet address. ZachXBT later included…
🇨🇦 Canada
#Cryptocurrency #FinancialGain
2020-08
ESRC linked an HDAC-themed cryptocurrency-wallet campaign to Thallium, describing Android and Windows components disguised as legitimate domestic wallet firmware or update software. The activity targeted wallet passcodes and used modified configurations o…
🇰🇷 Korea, Republic of
#Cryptocurrency #FinancialGain
2020-08
The U.S. Justice Department indictment described North Korean RGB-linked programmers, associated in security reporting with Lazarus Group and APT38, as conducting a long-running conspiracy involving destructive attacks, financial theft, extortion, and cry…
🇺🇸 United States
#Cryptocurrency #FinancialGain
2020-07
Kaspersky linked VHD ransomware operations to Lazarus after incident-response evidence found the MATA framework backdoor in the same victim environment and no sign of another actor during the intrusion. The campaign used victim-specific spreading utilitie…
ZZZ
#FinancialGain
2020-07
The KAMS incident involved a malicious HWP document distributed through a notice associated with the Korea healthcare sector, with linked metadata classifying the activity as a watering-hole-style compromise and data-breach event. The available evidence s…
🇰🇷 Korea, Republic of
#Wateringhole #Healthcare #DataBreach
2020-02
Bank Rakyat Indonesia was reported to have been targeted by Lazarus in February 2020. Carnegie's financial-sector incident timeline says attackers likely gained access to the bank's networks using BEEFEATER, malware previously associated with the Banglade…
🇮🇩 Indonesia
#Finance #FinancialGain
2019-11
Upbit suffered a cryptocurrency-exchange breach on 27 November 2019 when 342,000 ETH was transferred from its Ethereum hot wallet to attacker-controlled addresses, prompting service suspensions, cold-wallet transfers, and exchange-side tracing. Subsequent…
🇰🇷 Korea, Republic of
#Cryptocurrency #FinancialGain
2019-10
The Kudankulam Nuclear Power Plant incident involved malware on KKNPP's administrative network in India, with DTrack/Preft samples configured for information theft using victim-specific internal paths, credentials, compression of collected data, and attem…
🇮🇳 India
#Espionage #Utility
2019-09
Algo Capital disclosed that wallets administered by its former CTO were compromised after a sophisticated remote-access compromise of the administrator's mobile phone exposed recovery seed backup data, enabling theft from fund, company, and personal holdi…
🇬🇧 United Kingdom
#Cryptocurrency #FinancialGain
2019-09
Kaspersky's Dtrack research began with ATMDtrack malware targeting Indian ATMs and expanded into more than 180 related Dtrack samples used against India's financial sector and research centers. The tooling used encrypted overlay payloads, runtime decrypti…
🇮🇳 India
#Finance #ATM #FinancialGain
2019-09
The Magyar Fejlesztési Központ incident destroyed the Hungarian Development Center's server environment and digital records, forcing the organization to rebuild its administration after losing contracts, invoices, business software, and other operational …
🇭🇺 Hungary
#Government #Destruction
2019-07
The MarkAny incident involved malware distributed with a valid digital signature from a Korean DRM and document-security vendor, increasing the likelihood of bypassing trust-based controls. After infection the malware created a scheduled task named "Jav M…
🇰🇷 Korea, Republic of
#SupplyChain #Technology