The 'Operation AppleJeus' campaign begins, marking a concerted effort by North Korean actors to target the cryptocurrency industry with trojanized applications.

Mandiant formally identifies UNC4736 as the group behind the double supply chain compromise of 3CX's VoIP software, initiated via a trojanized X_TRADER app.

Microsoft reports on Citrine Sleet exploiting a zero-day vulnerability (CVE-2024-7971) in the Chromium browser engine to compromise targets in the crypto sector.

The group executes a heist targeting Radiant Capital, a DeFi lending platform, resulting in the theft of approximately $50 million in cryptocurrency.

After a six-month intelligence operation, the group executes an attack on Drift Protocol, stealing approximately $270 million in digital assets.