1. Forum
  2. FidoNet
  3. CONSPRCY

  • North Korean hackers are at it again

    From Mike Powell@1:2320/105 to All on Wed Jun 10 08:07:44 2026
    North Korean hackers are at it again phishing scheme targets hundreds of workers to try and steal crypto and more

    Date:
    Tue, 09 Jun 2026 18:20:00 +0000

    Description:
    Lazarus is getting company as UNK_DeadDrop starts luring devs with fake jobs, too.

    FULL STORY
    Lazarus is not the only North Korean threat actor that
    is luring software developers with fake jobs - there is also a hacking group called UNK_DeadDrop now doing a similar thing, but with notable differences.

    Security researchers at Proofpoint published an in-depth report looking into an ongoing campaign not unlike the Contagious Interview one. For those
    unaware of Contagious Interview, it is one of two major Lazarus campaigns,
    the second one being Operation DreamJob. The crooks would fake everything - a company, its employees, as well as projects, and then go to LinkedIn for a hiring spree. They would reach out to software developers working in high-profile AI and Web 3 organizations and would offer high-paying jobs and
    a chance to work on exciting new projects. The hiring process, however, would include a trial assignment, which often required the victims to run malicious code from GitHub. After infecting their targets with infostealers, the crooks would access company profiles, exfiltrate crypto wallet information, and then steal as many tokens as possible.

    According to some sources, Lazarus alone was able to steal billions of
    dollars in crypto throughout the years.

    While UNK_DeadDrop is more-or-less doing the same thing, its approach is somewhat different. Instead of using LinkedIn for initial contact, these attackers rely mostly on email. They dont arrange fake interviews, but rather just send unsolicited job offers or code review requests. And finally, they use a new, self-contained payload distinct from what was previously seen in Contagious Interview campaigns.

    UNK_DeadDrop activity suggests North Korea-aligned operations targeting developers for financial gain are maturing and evolving, Proofpoints researchers concluded.

    The shift from active social engineering over social media platforms to conduct fake interviews to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations.

    Via The Register

    Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-are-at-it-again-ph ishing-scheme-targets-hundreds-of-workers-to-try-and-steal-crypto-and-more

    $$
    --- MultiMail/DOS
    * Origin: Capitol City Hub (1:2320/105)