North Korean Hackers Exploit React2Shell Vulnerability in Crypto Sector

North Korean Hackers Exploit React2Shell Vulnerability in Crypto Sector

First seen 9 Mar 2026, 10:08 UTC AolPhemexKucoinMexcCryptotimes+2 79% similarity 60.9

Article Content

Browse articles
ThreatCluster

A group of hackers suspected to be linked to North Korea has targeted cryptocurrency firms, exploiting the React2Shell vulnerability (CVE-2025-55182). The attackers compromised AWS access credentials to infiltrate cloud environments and extract sensitive data from various resources, including S3 and EC2 instances.

ThreatCluster AI

Timeline

2025-12-03
CVE-2025-55182 published
2025-12-05
CVE-2025-55182 added to CISA KEV for active exploitation
2025-12-14
First public PoC for CVE-2025-55182
2026-03-09
Security firm Ctrl-Alt-Intel reports on North Korean attacks

Community

Browse all →