North Korean-Linked Hackers Exploit React2Shell Vulnerability in Crypto Attacks

Security research firm Ctrl-Alt-Intel has disclosed that a group of hackers, suspected to be linked to North Korea, has launched attacks on staking platforms, exchange software providers, and cryptocurrency exchanges. The attackers exploited the React2Shell vulnerability (CVE-2025-55182) and used compromised AWS credentials to infiltrate cloud environments. They enumerated resources such as S3, EC2, RDS, EKS, and ECR, extracting keys and credentials from Secrets Manager, Terraform files, Kubernetes configurations, and Docker containers.

The hackers reportedly downloaded five Docker images and stole source code, including software components related to ChainUp clients. The attack infrastructure involved a South Korean server with the IP address 64.176.226[.]36 and the domain itemnania[.]com. While the activities align with known North Korean attack patterns, the attribution confidence is moderate, and the source of the AWS credentials remains unclear.
The content provided on Phemex News is for informational purposes only.
