Google finds North Korean hackers using new EtherHiding technique to steal crypto

October 17, 2025, 2:51 AM
Google's Threat Intelligence Group (GTIG) announced on Oct. 17 that a North Korea-linked hacker, UNC5324, is using a new technique called EtherHiding to steal cryptocurrency and collect sensitive information, Yonhap News reported. The group emphasized the significance of its findings, noting this is the first observed case of a state-sponsored actor exploiting the EtherHiding method, which conceals malware on public, decentralized blockchains. The multi-stage attack compromised systems running Windows, macOS, and Linux. GTIG confirmed that the attackers stored their malware on an immutable blockchain and loaded it as a read-only file, allowing them to maintain anonymous command and control.
