Security Agency: Suspected North Korean hacker group attacks cryptocurrency companies, stealing cloud assets and keys

Gate News: On March 9, security research organization Ctrl-Alt-Intel disclosed that a group suspected to be linked to North Korea launched attacks against staking platforms, software vendors for exchanges, and cryptocurrency exchanges. The attackers exploited the React2Shell vulnerability (CVE-2025-55182) and accessed AWS credentials to infiltrate cloud environments, enumerating resources such as S3, EC2, RDS, EKS, and ECR, and extracting keys and credentials from Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers. Researchers stated that the attackers downloaded five Docker images and stole source code, including software components related to ChainUp clients. The infrastructure involved Korean servers at 64.176.226.36 and the domain itemnania.com. The report indicates that the activity exhibits characteristics consistent with North Korean attacks, but attribution confidence is medium, and the source of AWS credentials remains unclear.
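
The sequence described above (resource enumeration across several AWS services followed by reads from Secrets Manager) can be hunted for in CloudTrail. The following is an added detection sketch, not code from the Ctrl-Alt-Intel report: the threshold of three services, the 30-minute window, and the sample records (placeholder account ID, documentation IP ranges) are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Discovery calls for services named in the report (CloudTrail eventSource, eventName).
DISCOVERY = {
    ("s3.amazonaws.com", "ListBuckets"), ("ec2.amazonaws.com", "DescribeInstances"),
    ("rds.amazonaws.com", "DescribeDBInstances"), ("eks.amazonaws.com", "ListClusters"),
    ("ecr.amazonaws.com", "DescribeRepositories"),
}
SECRET_READ = ("secretsmanager.amazonaws.com", "GetSecretValue")

def _ts(rec):
    return datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")

def find_sweeps(records, min_services=3, window=timedelta(minutes=30)):
    """Return one finding per principal that read a secret within `window`
    after discovery calls against at least `min_services` distinct services."""
    by_principal = defaultdict(list)
    for rec in sorted(records, key=_ts):
        by_principal[rec["userIdentity"]["arn"]].append(rec)
    findings = []
    for arn, recs in by_principal.items():
        for rec in recs:
            if (rec["eventSource"], rec["eventName"]) != SECRET_READ:
                continue
            t = _ts(rec)
            services = {r["eventSource"] for r in recs
                        if (r["eventSource"], r["eventName"]) in DISCOVERY
                        and timedelta(0) <= t - _ts(r) <= window}
            if len(services) >= min_services:
                findings.append({"principal": arn, "secret_read_at": rec["eventTime"],
                                 "source_ip": rec["sourceIPAddress"], "services": sorted(services)})
                break  # one finding per principal is enough to open triage
    return findings

def _ev(time, src, name, arn, ip):
    return {"eventTime": time, "eventSource": src, "eventName": name,
            "userIdentity": {"arn": arn}, "sourceIPAddress": ip}

# Constructed sample records: one key sweeping services, one app reading its own secret.
CI = "arn:aws:iam::111111111111:user/ci-deploy"
APP = "arn:aws:iam::111111111111:role/app"
SAMPLE = [
    _ev("2025-01-01T10:00:00Z", "s3.amazonaws.com", "ListBuckets", CI, "203.0.113.7"),
    _ev("2025-01-01T10:02:00Z", "ec2.amazonaws.com", "DescribeInstances", CI, "203.0.113.7"),
    _ev("2025-01-01T10:05:00Z", "ecr.amazonaws.com", "DescribeRepositories", CI, "203.0.113.7"),
    _ev("2025-01-01T10:09:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", CI, "203.0.113.7"),
    _ev("2025-01-01T10:10:00Z", "secretsmanager.amazonaws.com", "GetSecretValue", APP, "198.51.100.4"),
]
```

A finding is a triage lead rather than proof of compromise; inventory and audit tooling produces the same call pattern and should be allow-listed by principal.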
