Security Company: LummaC2 Infostealer Infected North Korean Hacker Devices Linked to Bybit Theft Case
Dec 05, 2025 22:51:00
According to Hackread.com, cybersecurity company Hudson Rock discovered an infected device while analyzing a LummaC2 information-stealing malware log. The device's operator is suspected to be a malware developer from a North Korean state-sponsored hacking group.
The device was used to build the infrastructure supporting the $1.4 billion theft from the cryptocurrency exchange Bybit in February 2025. Analysis indicated that the credentials found on the device were linked to domains that were registered prior to the attack and used to impersonate Bybit. The device itself was high-end, equipped with development tools such as Visual Studio and Enigma Protector, as well as communication and data storage applications like Astrill VPN, Slack, and Telegram. Its activity traces also showed that the attackers purchased relevant domain names and prepared fake Zoom installers to carry out phishing attacks. The finding offers a rare look at the internal operational details of asset sharing in North Korea-backed hacking activities.












