A North Korean state-sponsored hacking crew is now using public blockchains to host malicious payloads, according to new research from Google’s Threat Intelligence Group (GTIG). The campaign, which leverages a technique known as “EtherHiding,” is the first documented case of a nation-state actor adopting smart contract malware delivery to evade detection and disrupt takedowns.
Google attributes the activity to UNC5342, a group it links to the long-running “Contagious Interview” operation…