#null#

Recently, the North Korean hacking group Lazarus Group launched a cyberattack campaign called "Operation 99" targeting Web3 and cryptocurrency software developers. The attackers impersonated recruiters, posting fake job listings on platforms like LinkedIn, enticing developers to participate in disguised project testing and code reviews, and guiding them to clone GitLab repositories containing malicious code. Once developers fell for the trick, malware was implanted into their systems, stealing high-value data such as passwords, API keys, cryptocurrency wallet information, and more. The operation utilized cross-platform adaptive malware and maintained connections through highly obfuscated command and control (C2) servers to maximize stealth.