Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99
Jan 15, 2025
Cryptocurrency / Malware
The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware. "The campaign begins with fake recruiters, posing on platforms like LinkedIn, luring developers with project tests and code reviews," Ryan Sherstobitoff, senior vice president of Threat Research and Intelligence at SecurityScorecard, said in a new report published today. "Once a victim takes the bait, they're directed to clone a malicious GitLab repository – seemingly harmless, but packed with disaster. The cloned code connects to command-and-control (C2) servers, embedding malware into the victim's environment." Victims of the campaign have been identified across the globe, with a significant concentration recorded in Italy. A lesser number of impacted victims are located in Argentina, Brazil, Egypt, France, Germany, India, Indonesia, Mexico,...