TechFlow news, on December 9, according to Cointelegraph, Radiant Capital stated in an updated investigation report on December 6 that cybersecurity firm Mandiant has assessed with high confidence that the attack was carried out by a threat actor affiliated with North Korea (DPRK).
The platform said that on September 11, a Radiant developer received a Telegram message containing a compressed file from a "trusted former contractor," requesting feedback on a new project they were planning. Upon review, the message appeared to originate from a DPRK-aligned threat actor impersonating the former contractor. "This ZIP file ultimately delivered malware when shared with other developers for feedback, facilitating the subsequent breach."
Radiant Capital believes the threat actor responsible for this incident is known as "UNC4736"—reportedly linked to North Korea's primary intelligence agency, the Reconnaissance General Bureau (RGB), and believed to be a sub-group of the hacker collective Lazarus Group.
Previous report: cross-chain lending protocol Radiant Capital suffered a cyberattack, resulting in losses exceeding $50 million.




