LummaC2 Infects North Korean Hacker Device Linked to Bybit Heist

A North Korean state-sponsored threat actor got infected by the same kind of malware typically used against others, exposing rare insights into their operations and direct ties to one of the largest cryptocurrency thefts on record. For once, the tables turned.

The infection was picked up by Hudson Rock, a cybercrime intelligence firm, during analysis of a LummaC2 infostealer log. What looked like a routine infection turned out to be anything but. The compromised machine belonged to a malware developer operating within North Korea’s state-linked cyber apparatus.

Links to $1.4 Billion Bybit Crypto Exchange Breach

Hudson Rock matched the data against earlier findings from threat intelligence company Silent Push. Both investigations pointed to the same thing – the infected machine had been used in the setup that supported the $1.4 billion Bybit crypto heist.

It is worth noting that the Bybit data breach, which targeted the crypto exchange ...