Summary: North Korea’s Lazarus group has initiated a new campaign, dubbed Operation 99, targeting software developers through deceptive job postings on LinkedIn. The attackers lure victims into downloading malicious Git repositories that steal sensitive data, including source code and cryptocurrency. This sophisticated operation showcases the group’s evolving tactics, including the use of AI-generated profiles to enhance credibility and deception.

Threat Actor: Lazarus Group | Lazarus Group
Victim: Software Developers | software developers

Keypoints :

• Attackers use LinkedIn job postings to recruit freelance developers.
• Malicious Git repositories contain malware for stealing source code, cryptocurrency, and sensitive data.
• Enhanced tactics include AI-generated profiles and advanced obfuscation techniques to evade detection.