##

The North Korean hacking group Lazarus Group launched a cyberattack dubbed "Operation 99," targeting Web3 and cryptocurrency software developers. Attackers posed as recruiters, posting fake job listings on platforms like LinkedIn to lure developers into participating in disguised project testing and code reviews. They then directed the developers to clone GitLab repositories containing malicious code. Once developers cloned the repository, the malware would be implanted into their systems, stealing sensitive data such as passwords, API keys, and cryptocurrency wallet information. Attackers also utilized highly obfuscated command and control (C2) servers to maintain connections, maximizing the concealment of their actions.