慢雾余弦：确认CEX被盗事件黑客是朝鲜Lazarus Group，已揭露其攻击方式

Blockbeats

23 Feb

BlockBeats 消息，2 月 23 日，慢雾创始人余弦发文表示，“通过取证分析与关联追踪，我们确认 CEX 被盗事件攻击者正是朝鲜黑客组织 Lazarus Group，这是一场针对加密货币交易平台的国家级 APT 攻击。”

“攻击者利用 pyyaml 进行 RCE（远程代码执行），实现恶意代码下发，从而控制目标电脑和服务器。这种方式绕过了绝大多数杀毒软件的查杀。在与合作伙伴同步情报后，又获取了多个类似的恶意样本。攻击者的主要目标是通过入侵加密货币交易平台的基础设施，获取对钱包的控制权，进而非法转移钱包中的大量加密资产。”

“慢雾发表总结文章揭示了 Lazarus Group 的攻击方式，还分析了其利用社会工程学、漏洞利用、权限提升、内网渗透及资金转移等一系列战术。同时基于实际案例总结了针对 APT 攻击的防御建议，希望能为行业提供参考，帮助更多机构提升安全防护能力，减少潜在威胁的影响。”

Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.

Most Discussed

1
2
3
4
5
6
7
8
9
10

{"basename":"","ssrTDKData":{"titleTemplate":"%s - Tiger Brokers","title":"Tiger Brokers | Global Stocks, Options & Futures Trading App","description":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","keywords":"tiger brokers,tiger trade,tiger brokers singapore,broker online,stock trading in singapore,share trading singapore,brokerage firm singapore,trading app,stock broker singapore,stock trading platforms,trading account","social":{"ogDescription":"Tiger Brokers, one-stop investment in US stocks, SGX stocks, HK stocks, A-shares & other global assets. One of the best stock trading platforms in Singapore.","ogImage":"https://c1.itigergrowtha.com/portal5/static/media/og-logo.be62fbe1.png","ogUrl":"https://www.itiger.com/news/2513732140"},"companyName":"Tiger Brokers"},"pageData":{"isMobile":false,"isTiger":false,"isTTM":true,"region":"SGP","license":"TBSG","edition":"fundamental"},"__swrFallback__":{"@#url:\"https://stock-news.skytigris.cn/v3/news\",params:#id:\"2513732140\",edition:\"fundamental\",,,undefined,":{"share":"https://ttm.financial/m/news/2513732140?lang=en_US&edition=fundamental","thumbnail":"","is_english":false,"pubTime":"2025-02-23 20:07","share_image_url":"https://static.laohu8.com/e9f99090a1c2ed51c021029395664489","id":"2513732140","market":"us","top_or_hot":-1,"title":"慢雾余弦：确认CEX被盗事件黑客是朝鲜Lazarus Group，已揭露其攻击方式","media":"Blockbeats","content":"<html><body><div><p>BlockBeats 消息，2 月 23 日，慢雾创始人余弦发文表示，“通过取证分析与关联追踪，我们确认 CEX 被盗事件攻击者正是朝鲜黑客组织 Lazarus Group，这是一场针对加密货币交易平台的国家级 APT 攻击。”</p><p>“攻击者利用 pyyaml 进行 RCE（远程代码执行），实现恶意代码下发，从而控制目标电脑和服务器。这种方式绕过了绝大多数杀毒软件的查杀。在与合作伙伴同步情报后，又获取了多个类似的恶意样本。攻击者的主要目标是通过入侵加密货币交易平台的基础设施，获取对钱包的控制权，进而非法转移钱包中的大量加密资产。”</p><p>“慢雾发表总结文章揭示了 Lazarus Group 的攻击方式，还分析了其利用社会工程学、漏洞利用、权限提升、内网渗透及资金转移等一系列战术。同时基于实际案例总结了针对 APT 攻击的防御建议，希望能为行业提供参考，帮助更多机构提升安全防护能力，减少潜在威胁的影响。”</p></div></body></html>","source":"theblockbeats_zh_live","html":"<!DOCTYPE html>\n<html>\n<head>\n<meta content=\"text/html; charset=utf-8\" http-equiv=\"Content-Type\"/>\n<meta content=\"width=device-width,initial-scale=1.0,minimum-scale=1.0,maximum-scale=1.0,user-scalable=no\" name=\"viewport\"/>\n<meta content=\"telephone=no,email=no,address=no\" name=\"format-detection\"/>\n<title>慢雾余弦：确认CEX被盗事件黑客是朝鲜Lazarus Group，已揭露其攻击方式</title>\n<style type=\"text/css\">\na,abbr,acronym,address,applet,article,aside,audio,b,big,blockquote,body,canvas,caption,center,cite,code,dd,del,details,dfn,div,dl,dt,\nem,embed,fieldset,figcaption,figure,footer,form,h1,h2,h3,h4,h5,h6,header,hgroup,html,i,iframe,img,ins,kbd,label,legend,li,mark,menu,nav,\nobject,ol,output,p,pre,q,ruby,s,samp,section,small,span,strike,strong,sub,summary,sup,table,tbody,td,tfoot,th,thead,time,tr,tt,u,ul,var,video{ font:inherit;margin:0;padding:0;vertical-align:baseline;border:0 }\nbody{ font-size:16px; line-height:1.5; color:#999; background:transparent; }\n.wrapper{ overflow:hidden;word-break:break-all;padding:10px; }\nh1,h2{ font-weight:normal; line-height:1.35; margin-bottom:.6em; }\nh3,h4,h5,h6{ line-height:1.35; margin-bottom:1em; }\nh1{ font-size:24px; }\nh2{ font-size:20px; }\nh3{ font-size:18px; }\nh4{ font-size:16px; }\nh5{ font-size:14px; }\nh6{ font-size:12px; }\np,ul,ol,blockquote,dl,table{ margin:1.2em 0; }\nul,ol{ margin-left:2em; }\nul{ list-style:disc; }\nol{ list-style:decimal; }\nli,li p{ margin:10px 0;}\nimg{ max-width:100%;display:block;margin:0 auto 1em; }\nblockquote{ color:#B5B2B1; border-left:3px solid #aaa; padding:1em; }\nstrong,b{font-weight:bold;}\nem,i{font-style:italic;}\ntable{ width:100%;border-collapse:collapse;border-spacing:1px;margin:1em 0;font-size:.9em; }\nth,td{ padding:5px;text-align:left;border:1px solid #aaa; }\nth{ font-weight:bold;background:#5d5d5d; }\n.symbol-link{font-weight:bold;}\n/* header{ border-bottom:1px solid #494756; } */\n.title{ margin:0 0 8px;line-height:1.3;color:#ddd; }\n.meta {color:#5e5c6d;font-size:13px;margin:0 0 .5em; }\na{text-decoration:none; color:#2a4b87;}\n.meta .head { display: inline-block; overflow: hidden}\n.head .h-thumb { width: 30px; height: 30px; margin: 0; padding: 0; border-radius: 50%; float: left;}\n.head .h-content { margin: 0; padding: 0 0 0 9px; float: left;}\n.head .h-name {font-size: 13px; color: #eee; margin: 0;}\n.head .h-time {font-size: 11px; color: #7E829C; margin: 0;line-height: 11px;}\n.small {font-size: 12.5px; display: inline-block; transform: scale(0.9); -webkit-transform: scale(0.9); transform-origin: left; -webkit-transform-origin: left;}\n.smaller {font-size: 12.5px; display: inline-block; transform: scale(0.8); -webkit-transform: scale(0.8); transform-origin: left; -webkit-transform-origin: left;}\n.bt-text {font-size: 12px;margin: 1.5em 0 0 0}\n.bt-text p {margin: 0}\n</style>\n</head>\n<body>\n<div class=\"wrapper\">\n<header>\n<h2 class=\"title\">\n慢雾余弦：确认CEX被盗事件黑客是朝鲜Lazarus Group，已揭露其攻击方式\n</h2>\n<h4 class=\"meta\">\n\n\n2025-02-23 20:07 北京时间   <a href=\"https://www.theblockbeats.info//flash/282889\"><strong>Blockbeats</strong></a>\n</h4>\n</header>\n<article>\n<div>\n<p>BlockBeats 消息，2 月 23 日，慢雾创始人余弦发文表示，“通过取证分析与关联追踪，我们确认 CEX 被盗事件攻击者正是朝鲜黑客组织 Lazarus Group，这是一场针对加密货币交易平台的国家级 APT 攻击。”“攻击者利用 pyyaml 进行 RCE（远程代码执行），实现恶意代码下发，从而控制目标电脑和服务器。这种方式绕过了绝大多数杀毒软件的查杀。在与合作伙伴同步情报后，又获取了...</p>\n<a href=\"https://www.theblockbeats.info//flash/282889\">Source Link</a>\n</div>\n</article>\n</div>\n</body>\n</html>\n","isBrief":false,"type":0,"news_type":1,"symbol":"APT","symbol_name":"Alpha Pro Tech Ltd","start_time":0,"source_url":"https://www.theblockbeats.info//flash/282889","article_id":"2513732140","we_media_id":null,"thumbnails":[],"rights":null,"url":"https://stock-news.laohu8.com/highlight/detail?id=2513732140","pubTimestamp":1740312420,"columns":[],"sourceInfo":{"source_id":"theblockbeats_zh_live","name":"blockbeat"},"weMediaInfo":null,"summary":"BlockBeats 消息，2 月 23 日，慢雾创始人余弦发文表示，“通过取证分析与关联追踪，我们确认 CEX 被盗事件攻击者正是朝鲜黑客组织 Lazarus Group，这是一场针对加密货币交易平","collect":0,"end_time":0,"defaultTopTitle":"theblockbeats.info","property":[],"viewcount":null,"language":"zh","relate_stocks":{"APT":"Alpha Pro Tech Ltd","BK4568":"美国抗疫概念","BK4086":"建筑产品"},"translate_title":"Slow Fog Cosine: Confirmed CEX theft hacker is North Korea's Lazarus Group, which has revealed its attack method","themeId":null,"isJumpTheme":false,"ttsUrl":null,"symbols_score_info":{"APT":1},"content_text":"BlockBeats 消息，2 月 23 日，慢雾创始人余弦发文表示，“通过取证分析与关联追踪，我们确认 CEX 被盗事件攻击者正是朝鲜黑客组织 Lazarus Group，这是一场针对加密货币交易平台的国家级 APT 攻击。”“攻击者利用 pyyaml 进行 RCE（远程代码执行），实现恶意代码下发，从而控制目标电脑和服务器。这种方式绕过了绝大多数杀毒软件的查杀。在与合作伙伴同步情报后，又获取了多个类似的恶意样本。攻击者的主要目标是通过入侵加密货币交易平台的基础设施，获取对钱包的控制权，进而非法转移钱包中的大量加密资产。”“慢雾发表总结文章揭示了 Lazarus Group 的攻击方式，还分析了其利用社会工程学、漏洞利用、权限提升、内网渗透及资金转移等一系列战术。同时基于实际案例总结了针对 APT 攻击的防御建议，希望能为行业提供参考，帮助更多机构提升安全防护能力，减少潜在威胁的影响。”","kind":"live","is_publish_news":false,"is_publish_highlight":false,"is_publish_live":true,"is_publish_wemedia":null,"editions":null,"column":"","sentiment":"0","news_tag":"","news_rank":0,"symbols":[],"gpt_button":0}}}