Hot Topic Overview
The Lazarus Group, a North Korean hacking group, has launched a cyberattack campaign dubbed "Operation 99" targeting Web3 and cryptocurrency software developers. The attackers pose as recruiters, approaching developers on platforms such as LinkedIn and inviting them to take part in what appear to be project tests and code reviews. Targets are induced to clone GitLab repositories containing malicious code, which implants modular malware on their systems. This malware can steal sensitive data such as passwords, API keys and cryptocurrency wallet information, and it maintains a connection to highly obfuscated command-and-control (C2) servers to minimize its footprint.
Ace Hot Topic Analysis
Recently, SlowMist CISO 23pds disclosed a cyberattack operation codenamed "Operation 99", launched by the North Korean hacking group Lazarus Group against Web3 and cryptocurrency developers. The operation used fake recruiters as bait, enticing developers through platforms such as LinkedIn to participate in what were presented as project tests and code audits. Ultimately, targets were lured into cloning a GitLab repository containing malicious code, which implanted modular malware on their systems. The malware is cross-platform; it steals high-value data such as passwords, API keys and cryptocurrency wallet information, and it maintains connections to highly obfuscated command-and-control (C2) servers, keeping its activity as inconspicuous as possible. This attack is a reminder for developers to raise their security awareness: treat project-testing and code-audit requests from unfamiliar sources with caution, avoid cloning code repositories of uncertain origin, and keep security software up to date to defend against attacks of this kind.