Threatcast

The Six-Month Handshake: DPRK's $285M Social Engineering Masterclass

Briefing: 13 scenes, 13 speakers.
01 Cold Open: The Six-Month Handshake (00:00)
Halil: North Korean operatives spent six months shaking hands at blockchain conferences, depositing a million dollars of their own money to build trust — before draining two hundred eighty-five million dollars in twelve minutes. They didn't hack the code. They hacked the humans.
Halil: Welcome to CyberDaily Threatcast. I'm Halil Öztürkci. Let's get into it.
Halil: Today's briefing has five critical threads. One: the Drift Protocol heist and what it tells us about DPRK's industrialized crypto theft operation. Two: the developer environment under siege — three simultaneous supply chain attacks, same target surface. Three: CVE-2026-32746, a telnetd buffer overflow sitting on fifty thousand exposed assets with root-level remote code execution and no authentication required. Four: a deepfake KYC bypass tool called JINKUSU CAM — and a twenty-five million dollar fraud claim the panel is going to debunk live. And five: what defenders actually do Monday morning.
Halil: Lena Hartmann on attribution. Alex Mercer on the kill chain. Elena Rossi on what Pyongyang is actually doing with a billion and a half dollars in stolen crypto. Let's go.
02 Sponsor (01:37)
Halil: This episode is brought to you by Blue Cortex AI and Tarhy — their autonomous SOC platform. Here's what Tarhy does: it pulls alerts from your EDR stack — Defender, CrowdStrike, Cortex XDR, SentinelOne — and its AI agents triage every single one, around the clock. Not just pattern matching. Multi-step reasoning, cross-event correlation, MITRE ATT&CK mapping, and a confidence-scored verdict — all in about three minutes. And here's the thing that matters: their Neural Timeline shows you exactly how the AI reached each decision. No black box. The results speak for themselves — sixty to seventy percent fewer false positives, eighty percent faster time to verdict. If your SOC is drowning in five thousand alerts a day, Tarhy can save twenty-five hundred analyst hours a month. Check them out at bluecortex.ai.
03 The Drift Heist: Attribution (02:46)
Halil: Lena, I'm starting with you. How solid is the UNC4736 link to Drift? That's Mandiant's tracking name for a North Korean cyber unit focused on financial crime. Elliptic and TRM Labs both corroborated, but Chainguard flagged a possible overlap with UNC1069 on the Axios attack. Are we looking at one unit or multiple DPRK commands?
Lena: High confidence. Eighty-five percent. The on-chain evidence is solid — wallet creation patterns, Solana DEX laundering signatures, bridge sequences all consistent with shared Radiant Capital infrastructure.
Lena: And the tradecraft is the tell. Six-month social engineering campaign, conference-based HUMINT, one million dollars deployed to establish credibility. That is signature Golden Chollima — UNC4736's name in CrowdStrike's taxonomy. Fundamentally different from UNC1069.
Halil: So Chainguard's concern about cluster overlap — you're dismissing that?
Lena: I'm not dismissing it, I'm explaining why it doesn't hold. UNC1069 delivered malware via npm postinstall hooks. UNC4736 deployed human operators over months. Different access vectors, different time horizons, different skill sets.
Lena: What I need to close the remaining fifteen percent: confirmation that the Drift persona infrastructure — the domains, registrars, email accounts — shares no overlap with the Axios campaign command-and-control. If those are clean, cluster separation holds.
Halil: And on the broader DPRK structure — one operation or parallel commands?
Lena: Parallel. Bybit in February 2025 was Bureau 121-style infrastructure compromise — precise, technical. Drift is Reconnaissance Bureau financial crime — the HUMINT investment, the relationship-building, that is a dedicated crypto theft unit with different skills.
Elena: And that distinction matters enormously. Because you cannot disrupt both with the same countermeasure.
Halil: Elena — hold that thought. I want to come back to the strategic picture. Alex, give me the kill chain. Twelve minutes to drain two hundred eighty-five million dollars. Walk me through it.
04 The Kill Chain: IDE to Vaults (05:20)
Alex: Okay, so — I need to correct something upfront. Calling this an IDE exploit is technically accurate but operationally misleading. This was social engineering with a vulnerability chaser.
Alex: Phase one: six months of cover as a quant trading firm. Conference meetups, in-person working sessions, a million dollars deposited to establish credibility. Classic intelligence operation. Patience that script kiddies simply don't have.
Halil: And the IDE angle?
Alex: Two vectors. A malicious TestFlight app — that's Apple's beta testing platform — bypassing App Store review. And a VS Code and Cursor IDE compromise via a known-but-unpatched WebSocket authentication bypass. Not a zero-day. A known flaw nobody fixed.
Alex: Once you own the IDE, credential harvesting is trivial. VS Code extensions run with full Node.js filesystem access. You're scraping Solana key files, browser extension storage, clipboard intercepts during signing. No magic required.
Lena: Right. And this is why the six months matters. They weren't rushing to find a zero-day. They were building the access that made the mundane exploitation possible.
Halil: Then how do you get from compromised developer machine to two hundred eighty-five million out the door?
Alex: Durable nonces. That's a Solana feature — think of them like post-dated checks for transactions. Legitimate feature designed for offline cold wallet signing. The attackers socially engineered two of five multisig signers into pre-signing transactions they thought were benign.
Alex: They held those signatures for weeks. Then April first — twelve minutes. Listed a fake token as collateral, pumped its perceived value via oracle manipulation, raised the USDC borrowing limit from twenty-five million to five hundred million, drained twenty vaults in thirty-one transactions. Bridged everything to Ethereum. Bought a hundred twenty-nine thousand ETH.
Lena: Hmm. The feature designed for convenience became the perfect weapon.
Alex: And a two-of-five multisig with no timelock — that's not a security program. That's hope.
Halil: Viktor — the money is moving. Where does it go?
05 Following the Money (07:36)
Viktor: So — the funds moved fast. Swapped to USDC, bridged via Circle's CCTP to Ethereum, converted to ETH. That's the standard DPRK playbook. They know law enforcement can't freeze bridge transactions fast enough.
Halil: Recovery prospects?
Viktor: Essentially zero. Historical recovery rate across DeFi hacks in 2026 is six point five percent. And that's mostly cases where the attacker returned funds voluntarily — like Euler Finance in 2023. This is North Korea. Lazarus doesn't do ethical returns.
Elena: And that's the point. Pyongyang has unlocked a sanctions-proof revenue stream that outpaces anything they could achieve through traditional trade or extortion.
Halil: Elena, put numbers on it. We're at one point eight billion in eighteen months — Radiant Capital, Bybit, now Drift. What is this money actually buying?
Elena: Regime survival. Missile programs. The nuclear program. And the patronage networks keeping the elite loyal. On March twenty-ninth — just days before the Drift heist executed — North Korea conducted another missile engine test.
Elena: I don't think that timing is accidental. These operations are synchronized with strategic signaling.
Lena: That's — that's the scary part, isn't it? The next Drift-style target is already in its reconnaissance window. DPRK doesn't pause. The model works. Why would they stop?
Elena: And here's the provocative thesis: if the international community keeps treating this as cybercrime rather than strategic economic warfare — the same mistake we made with Hezbollah's narcoterrorism financing in the 2000s — we will watch this scale to five billion annually within two years.
Halil: Pierre — you've been running the damage model. What does the ecosystem actually look like after Drift?
06 Cascade Damage: $850M (09:42)
Pierre: Right. So — direct theft is two hundred eighty-five million. But the total ecosystem hit is closer to eight hundred fifty million. TVL — that's total value locked in the protocol — collapsed from five hundred fifty million to two hundred fifty million. That's three hundred million in user flight and collateral destruction, separate from the theft itself.
Pierre: Twenty protocols caught in the blast. Perena, PiggyBank, Ranger Finance, Exponent — operational pauses, vault liquidations. Another hundred million in downstream losses. And then you layer on six to twelve months of reputational damage to Solana DeFi broadly.
Halil: Systemic risk? Is this Solana's Terra-Luna moment?
Pierre: No. Terra wiped forty billion in seventy-two hours via death spiral mechanics. This is one point five percent of that scale on value destruction, and the Solana mainnet didn't hiccup. Kamino, Jupiter, Marinade survived clean.
Pierre: But here's the board-level point: who bears the loss? One hundred percent depositors. No insurance — admin key compromise and social engineering are explicitly excluded from DeFi policies. No protocol treasury backstop. This is the depositor-bearer model confirmed again.
Sofia: And from a regulatory standpoint, this is a fascinating void. Drift, as a decentralized protocol, likely falls outside GDPR's material scope — Article 3 requires an establishment. But EU-based liquidity providers, front-end operators, intermediaries? They're caught.
Halil: Sofia, what about NIS2 for those intermediaries?
Sofia: Under NIS2 Article 23, essential and important entities — financial institutions, exchanges with EU operations — face a twenty-four hour initial notification window to their national CSIRT, then a full report within seventy-two hours. The penalty exposure is ten million euros or two percent of global annual turnover, whichever is higher.
Sofia: The sleeper issue is MiCA Article 68. Exchanges that relied on liveness-only KYC verification — and we'll get to JINKUSU CAM — may face emerging liability when that technology is demonstrated insufficient.
Pierre: So the protocol takes the fees, the treasury accumulates, and catastrophic loss lands on users. And the regulator shows up after. That's the DeFi model in one sentence.
07 Developer Environment Under Siege (12:38)
Halil: Let's move to what I'm calling the developer siege. Three concurrent campaigns — Drift IDE compromise, thirty-six malicious Strapi packages on npm, and the Axios supply chain attack. Tomas, same actor or independent operations?
Tomas: Separate campaigns. Fundamentally different attack models. Look at Strapi — thirty-six packages across four sock-puppet accounts, compressed into a thirteen-hour window, staging progressive payloads from Redis remote code execution to Docker escape to credential harvesting.
Tomas: These weren't compromised maintainer accounts. These were new developer personas publishing typosquatting packages under the strapi-plugin namespace that nobody actually owns. The target specificity — hitting Guardarian's crypto infrastructure — suggests real reconnaissance.
Halil: And Axios is different how?
Tomas: Completely different. Direct maintainer account compromise — stolen npm credentials — injecting a phantom dependency called plain-crypto-js version four point two point one that mimics the legitimate crypto-js library. That's UNC1069, the DPRK cluster Lena distinguished from UNC4736.
Alex: And Axios has a hundred million weekly downloads. You are talking about tens of thousands of CI/CD pipelines potentially resolving a RAT — remote access trojan — before anyone noticed.
Tomas: Socket flagged it in six minutes. Which sounds impressive until you realize six minutes at npm scale is forever. The malicious packages were live for hours.
Halil: So what's structurally broken?
Tomas: Multiple things. No namespace reservation for organizational ecosystems. Long-lived bearer tokens that still work even when OIDC is configured — that's how UNC1069 bypassed the trusted publishing setup. And detection that arrives after propagation, not before.
Tomas: You audited your twenty direct dependencies. Good. You have twelve hundred transitive dependencies you have never looked at. That is your real exposure.
Alex: Right. And this isn't theoretical. Three simultaneous campaigns. Same target surface. That's not coincidence — that's a recognized yield profile.
08 LiteLLM and AI Pipeline (15:06)
Halil: Arjun — the Strapi and Axios attacks target traditional software. You flagged the LiteLLM compromise as something different. Why does that one worry you specifically?
Arjun: So — TeamPCP, which overlaps with the Lapsus$ extortion group, didn't just compromise a Python package. They poisoned a library with ninety-seven million monthly downloads that sits in thirty-six percent of cloud environments and serves as the routing layer for AI inference.
Arjun: Four terabytes exfiltrated. And this is the part that's different — they didn't just take credentials. They took proprietary AI training methodologies. Fine-tuning secrets. Intellectual property that represents multi-billion dollar R&D investment.
Tomas: Hmm. So the attack surface extends above the application layer into the model itself.
Arjun: Exactly. And on top of that — indirect prompt injection in RAG architectures — RAG meaning retrieval-augmented generation, where an AI system pulls in external documents to answer questions — has moved from research curiosity to active exploitation vector.
Halil: How does that work as an attack?
Arjun: Think of it like SQL injection, except the parser is a neural network with no formal grammar. An attacker embeds malicious instructions in a document your AI system ingests. The model executes those instructions as if they came from a legitimate user.
Arjun: Microsoft 365 Copilot had a CVSS nine point three zero-click vulnerability in June 2025 along these lines. You send a malicious email. The AI assistant exfiltrates your files, logs, and OneDrive content autonomously. The user never knows.
Alex: That's the lethal trifecta. Private data access, untrusted content in context, and an exfiltration vector. All three present.
Arjun: If you are running AI infrastructure with RAG or agentic capabilities, treat every external data source as potentially hostile. The question isn't whether prompt injection will affect you — it's whether you can detect and contain it when it does.
09 CVE-2026-32746: The Quiet Bomb (17:33)
Halil: Nobody has touched CVE-2026-32746 yet and it's been sitting in this briefing like a hand grenade with the pin half out. Alex — single packet, no auth, root RCE on telnetd. How bad is this really?
Alex: As bad as the CVSS nine point eight suggests. Buffer overflow in LINEMODE SLC subnegotiation — that's the option negotiation code in GNU InetUtils telnetd that has been essentially untouched for decades. One crafted packet. No authentication. Root shell.
Alex: No public PoC yet — no confirmed exploitation yet. We're in the pre-weaponization window. But the vulnerability class is textbook. Once that Python script hits GitHub, expect copy-paste exploitation within hours.
Halil: Timeline to mass exploitation?
Alex: Seventy-two to ninety-six hours after PoC drops. Telnet scans are already standard in Mirai variants — Mirai being the botnet framework that's fueled most major IoT compromise campaigns. This gets integrated fast.
Sara: And here's what the IT side keeps missing — telnet isn't legacy in OT environments. It's operational reality. I have clients running telnet on HMI panels — human-machine interfaces — at water treatment facilities right now. There is no firmware update coming for a 2014 controller.
Halil: Sara, what does exploitation of a telnetd flaw at an industrial site actually mean in physical terms?
Sara: Forget data theft. If an attacker reaches Level 2 of the Purdue model — that's the layer talking directly to PLCs, the programmable logic controllers running physical processes — and manipulates ladder logic, you are talking turbine overspeed, pump failures, chemical dosing errors.
Sara: That is not a security incident. That is a safety incident. People get hurt.
Alex: And the fifty thousand Criminal IP count is internet-facing only. Internal networks? Easily ten times that number.
James: Kill port twenty-three at the perimeter. Today. Not when the PoC drops. Today. For OT environments where you can't turn it off — segmentation with jump hosts and strict IP allowlisting. That's the only play.
10 JINKUSU CAM: Debunking the Fraud (20:00)
Halil: The briefing claims JINKUSU CAM — a deepfake KYC bypass tool — enabled twenty-five million dollars in confirmed fraudulent transactions on Binance, Coinbase, Kraken, and OKX. Isabelle, you flagged this. What did you find?
Anya: I found nothing linking twenty-five million dollars to JINKUSU CAM specifically. Zero confirmed financial losses. Zero named victims. Zero exchange incident reports attributing losses to this tool.
Anya: The twenty-five million figure traces to the Arup engineering firm incident — a completely separate operation where a finance employee authorized a wire transfer during a video call with deepfaked executives. That attack had no connection to JINKUSU CAM.
Halil: So the briefing conflated two separate incidents.
Anya: Correct. Classic threat intelligence distortion — real tool, real capabilities, grafted onto a high-impact case study from a different operation to boost urgency. I've seen this pattern before.
Halil: But the tool itself is real. What can it actually do?
Anya: Real-time face-swapping using GFPGAN, voice synthesis, and OBS virtual camera injection — that's routing a synthetic video feed through your webcam driver to defeat browser-based KYC verification. The technical stack is production-ready. Sub-hundred millisecond latency on consumer GPUs.
Anya: It bypasses motion-based liveness — blink detection, head turns — reliably. Three-dimensional depth-based challenge-response is harder. But most exchanges aren't running that. They're running passive detection that this architecture specifically defeats.
Sofia: And under MiCA Article 68, exchanges relying solely on liveness verification now have constructive knowledge that the standard is insufficient. They cannot claim a sophistication gap as a defense going forward.
Halil: So — genuine emerging threat, zero confirmed losses. How do we prioritize this?
Anya: Prepare, don't panic. Six to twelve months before this is a fifty-dollar SaaS product. The exchanges that will survive are moving to challenge-response protocols requiring physical-world actions that cannot be synthesized in real time.
James: Right. The defensive posture is actually affordable here — voice verification callbacks for wire transfers, multi-session behavioral biometrics. This is policy-driven. You don't need a crisis budget.
11 GHOSTBLADE and Mobile Threats (22:50)
Halil: Nadia, you flagged GHOSTBLADE — TA446's DarkSword iOS exploit kit — as a live campaign that wasn't in the original five findings. Make the case for why it belongs in this briefing.
Leo: So — three things happening simultaneously on mobile right now. GHOSTBLADE is using zero-click iOS exploits — CVE-2025-31277 and CVE-2026-20700 — targeting government and academic institutions. Zero-click means no user interaction. The phone doesn't have to be touched.
Leo: What's notable is the device fingerprinting to selectively trigger exploits only on iPhones. Real targeting precision. Standard MDM — mobile device management — is completely insufficient against this. You need network-level detection for exploit kit callbacks.
Halil: And the Android side?
Leo: The NoVoice Play Store campaign infected fifty-plus apps with two point three million downloads, chaining twenty-two exploits from 2016 through 2021 to gain root access. Persistent rootkits that survive factory resets.
Leo: Devices patched since May 2021 are protected. But in Nigeria, Ethiopia, Algeria, India — markets where millions of users are on budget Android devices with no security updates — those users will never see a patch. This affects people, not just enterprise MDM policies.
Alex: And you've got Crocodilus banking trojan version one point eight point two dropping on dark web forums — H-VNC capability, seed phrase theft, disables Play Protect entirely. AI-assisted variant generation means detection signatures go stale fast.
Leo: Four hundred percent year-over-year surge in AI-powered banking malware. Zimperium is tracking thirty-four active families targeting twelve hundred forty-three financial brands across ninety countries.
Lena: The convergence of leaked state-level iOS exploits and AI-assisted malware development — that is an inflection point, not background noise.
Halil: Noted. Verify your iOS fleet is patched. Network-level detection for GHOSTBLADE callbacks. That goes in the action list.
12 Five-Point Monday Morning Plan (25:16)
Halil: James — you've heard all of it. Pierre's eight hundred fifty million in ecosystem damage, Lena's cluster analysis, Isabelle's debunking, Alex's telnetd assessment, Sara's OT reality check, Nadia's mobile picture, Arjun's AI pipeline concerns. Final prioritized action list. Top five, ranked by urgency, specific timelines.
James: Alright. Number one: CVE-2026-32746. Kill all internet-facing telnetd within twenty-four to forty-eight hours. This is not negotiable. Firewall port twenty-three at the perimeter Monday. For OT environments where you cannot turn it off — Sara's right, you can't reboot a blast furnace controller on demand — segmentation with jump hosts and strict IP allowlisting. Suricata signatures for SLC subnegotiation payloads over two hundred fifty-six bytes. Do not wait for the PoC.
Sara: And microsegmentation at the Level Two / Level Three boundary of your Purdue model architecture. Any telnet at Level One or Level Two triggers immediate alert and investigation. Not a ticket. Investigation.
James: Number two: npm emergency audit. Today. Purge plain-crypto-js from every environment. Pin Axios to version one point fourteen point zero or zero point thirty point three. Block all thirty-six identified malicious Strapi package names. Remove LiteLLM versions one point eighty-two point seven and one point eighty-two point eight. Enforce npm ci with ignore-scripts in your CI/CD pipelines. Rotate all credentials on any system that resolved a compromised package.
Tomas: And rebuild affected systems from known-good images. Don't patch over a potentially compromised baseline.
James: Number three: developer environment lockdown by Friday. Disable automatic IDE extension installation. Whitelist approved extensions only. Require hardware security key attestation for all multisig signers. If your team has interacted with unverified external technical partners at conferences in the last six months — treat those developer devices as compromised. Engage incident response.
Alex: The C2 infrastructure from the fake GitHub Discussions campaign is confirmed active. Egress monitoring for that domain — now. Not when you find time.
James: Number four: multisig governance hardening, end of week. Audit all multisig access lists. Move from two-of-five to minimum three-of-five with geographic distribution of signers. Enforce mandatory seventy-two hour timelocks on all admin operations. The Drift attack required no timelock to succeed. A seventy-two hour window would have allowed detection.
James: Number five: KYC pipeline review within thirty days. Not a crisis response — Isabelle debunked the twenty-five million figure. But begin planning deployment of multi-session behavioral biometrics and challenge-response verification as compensating controls. And if you're under MiCA jurisdiction, document your deepfake threat assessment in compliance records now.
13 Synthesis: Trust and Toolchains (28:50)
Halil: Before I close — I want to acknowledge the single most important thing this panel did today. Isabelle caught a critical error in the briefing. The twenty-five million dollar JINKUSU CAM figure was wrong. Completely wrong. Conflated from a separate wire fraud incident with no connection to the tool.
Halil: Briefings are only as good as the analysts who challenge them. That's why we do this roundtable.
Anya: The technical threat is real. The impact claim was inflated. Those are different things, and they demand different responses.
Halil: Let me pull the through-line of today. Lena, you said it best — threat actors have moved past exploiting code. They're exploiting people, trust, and toolchains. Give me your closing read.
Lena: The Drift heist wasn't a smart contract vulnerability. The Axios attack wasn't a code flaw. DPRK operatives shook hands with their victims at conferences. That is a threat model most organizations aren't built to defend against.
Lena: And Pierre's eight hundred fifty million dollar damage figure doesn't change my DPRK assessment one bit. It confirms it. They've proven the model. They will not pause. The next target is already in its reconnaissance window.
Elena: One point eight billion in eighteen months. Three operations. The international community is treating this as a law enforcement problem. It is a strategic economic warfare problem. The policy response has to match the threat level.
Halil: James — final word.
James: The CISO who spends Monday eliminating telnet exposure and auditing developer extensions will sleep better next month. The one who waits for vendor patches or executive alignment will be explaining themselves to the board.
James: I've run two hundred plus incident responses. The pattern is always the same. The door you forgot to lock is never the dramatic one.
Halil: That is the session. The telnetd PoC is coming. It is going to be loud when it drops. Stay ahead of it.
Halil: That's it for today's CyberDaily Threatcast. Stay safe. See you tomorrow. Thanks to Blue Cortex AI for sponsoring today's episode. Autonomous SOC, real reasoning, no black box. bluecortex.ai.
Episode aired Mon 6 Apr; running time 31:27, 13 scenes.