Cybersecurity Brief – April 4, 2026

North Korean State Actors Execute Year's Largest Crypto Heist

North Korean state-sponsored hackers successfully exploited Solana-based Drift Protocol for $285 million on April 1st, marking 2026's largest cryptocurrency breach. TRM Labs analysis indicates attackers conducted on-chain staging beginning March 11, ultimately compromising multisig controls through social engineering. The incident follows established patterns of DPRK-linked groups targeting decentralized finance platforms to circumvent international sanctions and fund state operations.

Supply Chain Compromises Expose Critical Infrastructure

CERT-EU attributed the theft of 92GB of European Commission data to the TeamPCP hacking group, which exploited a Trivy supply-chain compromise to access AWS infrastructure. The stolen data was subsequently leaked by ShinyHunters. In a separate incident, Anthropic's accidental release of over 512,000 lines of Claude Code source code through a misconfigured npm package is now being actively weaponized—threat actors are deploying fake GitHub repositories distributing Vidar infostealer malware and conducting typosquatting campaigns targeting exposed internal dependencies.

Mobile Platforms Under Active Attack

Kaspersky identified a sophisticated SparkCat malware variant infiltrating both Apple App Store and Google Play that uses OCR technology to extract cryptocurrency recovery phrases from users' photo galleries. WhatsApp separately notified approximately 200 users, predominantly in Italy, who were tricked into installing a counterfeit iOS app containing spyware developed by Italian firm Asigint. Meanwhile, China-linked APT group TA416 has intensified operations against European government entities using PlugX malware and OAuth-based phishing, deploying DLL side-loading techniques to establish persistence.

Sources: The Crimson · The Hacker News · CCN · TRM Labs · TechCrunch · Bloomberg · Bleeping Computer · Security Week