CyberSecurity updates
2025-01-17 16:36:15 Pacific

North Korea Lazarus targets software developers. - 1d
Read more: ciso2ciso.com

North Korea's Lazarus APT group is actively targeting software developers, especially those in Web3 and cryptocurrency, through fake job postings on platforms like LinkedIn. These fake recruitment emails and job postings, often utilizing realistic AI-generated profiles, lure developers into downloading malicious Git repositories. These repositories contain malware that allows the attackers to steal source code, cryptocurrency, and sensitive data. Once compromised, the developers' systems can be used in supply chain attacks, potentially affecting wider projects and enterprises. The campaign, known as Operation 99, uses layered malware delivered through downloaders like Main99, which executes payloads like Payload 99/73, brow99/73, and MCLIP, enabling keylogging, clipboard monitoring, and data exfiltration from development environments.

This operation is part of a broader strategy by the Lazarus Group to generate income for North Korea's regime by targeting cryptocurrency assets and software development ecosystems. The stolen funds are used to finance Kim Jong Un's nuclear ambitions while circumventing international sanctions. This tactic has been deployed globally, with known targets in Argentina, Brazil, Egypt, and other countries. The Lazarus Group also uses North Korean IT workers posing as job candidates, adding another vector for infiltrating target companies and further demonstrating the evolving sophistication of state-sponsored cyber threat actors. This also highlights the importance of heightened cybersecurity awareness within both the public and private sectors.