ALL POSTS

Key Findings North Korean state-sponsored hacking group UNC4736 orchestrated a six-month social engineering campaign against Drift, culminating in the theft of $285 million on April 1, 2026 The operation began in fall 2025 with actors posing as a quantitative trading firm, using in-person meetings at cryptocurrency conferences across multiple countries to build trust with Drift contributors UNC4736 is also tracked as AppleJeus, Citrine Sleet, Golden Chollima, and Gleaming Pis

Key Findings Drift Protocol, a Solana-based decentralized exchange, lost approximately $285 million on April 1, 2026 in a sophisticated social engineering attack Attackers exploited durable nonce mechanisms to obtain unauthorized multisig approvals and gain control of the Security Council administrative powers The attack involved multi-week preparation starting as early as March 23, 2026, with staged execution and pre-signed transactions Threat actors created a fictitious ass

Key Findings WhatsApp alerted approximately 200 users, primarily in Italy, who were tricked into installing a counterfeit iOS app containing spyware The fake app was created by Asigint, an Italian subsidiary of spyware company SIO Spa All affected users have been logged out and advised to uninstall the malicious app and download the official version WhatsApp is pursuing legal action against Asigint to stop further malicious activity The attack relied on social engineering tac

Key Findings Seven malicious npm packages tracked as "Ghost campaign" designed to steal cryptocurrency wallets and credentials Packages use sophisticated social engineering tactics including fake installation logs and sudo password phishing Attack chain culminates in remote access trojan capable of harvesting sensitive data and awaiting attacker commands Activity shares overlap with GhostClaw campaign, suggesting possible connection between threat actors Packages published un