Operation Phantom Circuit: North Korea’s Global Data Exfiltration Campaign Unveiled
Summary: A recently exposed cyber espionage operation known as “Operation Phantom Circuit,” led by North Korea’s Lazarus Group, has targeted cryptocurrency firms and supply chains globally since September 2024. This sophisticated attack employs advanced obfuscation techniques and a specialized web-based dashboard for real-time control and data management. Investigators attribute 233 confirmed compromises to this ongoing campaign, with a significant focus on supply chain attacks through legitimate software packages.

Affected: Cryptocurrency firms, software developers, supply chains worldwide

Key points:

  • Operation Phantom Circuit is a sophisticated data exfiltration campaign by North Korea’s Lazarus Group.
  • The campaign relies on supply chain attacks, embedding backdoors in legitimate software to target vulnerable developers.
  • A newly discovered web-based administrative panel allows real-time management of compromised systems and exfiltrated data.
  • 233 confirmed compromises have been identified, with the operation impacting numerous countries, notably India and Brazil.
  • Stolen data is exfiltrated through Dropbox services, highlighting the group’s innovative use of legitimate cloud platforms.

Source: https://securityonline.info/operation-phantom-circuit-north-koreas-global-data-exfiltration-campaign-unveiled/