Kucoin
North Korean Hackers Exploit React2Shell Vulnerability in Crypto Sector
First seen 9 Mar 2026, 10:08 UTC
•



+2
•79% similarity
•60.9
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
A group of hackers suspected to be linked to North Korea has targeted cryptocurrency firms, exploiting the React2Shell vulnerability (CVE-2025-55182). The attackers compromised AWS access credentials to infiltrate cloud environments and extract sensitive data from various resources, including S3 and EC2 instances.
ThreatCluster AI
Timeline
2025-12-03
CVE-2025-55182 published
2025-12-05
CVE-2025-55182 added to CISA KEV for active exploitation
2025-12-14
First public PoC for CVE-2025-55182
2026-03-09
Security firm Ctrl-Alt-Intel reports on North Korean attacks