X @Wu Blockchain

Security firm Ctrl-Alt-Intel reported that hackers, suspected North Korea-linked, targeted staking platforms, exchange software providers, and crypto exchanges. They exploited React2Shell and AWS credentials to access cloud resources, extract keys and credentials, and exfiltrate 5 Docker images and source code, including ChainUp client components. Infrastructure used a South Korea server (64.176.226[.]36) and domain itemnania[.]com. Attribution is moderate; AWS credential origin unclear. https://t.co/VsVEnV ...