Lazarus Group Targets Crypto Devs in 'Operation 99'

Beware, crypto devs! Lazarus group's 'Operation 99' is after your code and wallets. Protect your environment now.


An ongoing cyber campaign, dubbed 'Operation 99', is targeting software developers, focusing on those in the cryptocurrency sector, particularly freelancers. The campaign, attributed to the Lazarus group, highlights security vulnerabilities in the developer ecosystem, putting valuable intellectual property and digital assets at risk.

The campaign employs upgraded malware with enhanced obfuscation and adaptability capabilities. Attackers pose as recruiters on platforms like LinkedIn, luring targets with fake coding projects. Once engaged, the attackers deploy a multi-stage malware system with modular components to steal sensitive data, including source code, secrets, configuration files, and cryptocurrency wallet keys.

The campaign uses a malicious GitLab repository named 'coin promoting Webapp' to initiate the attack. The Lazarus group has evolved its tactics to include targeted attacks on developers in the tech supply chain, demonstrating a specialized focus on freelance developers in the cryptocurrency sector.

Organizations are urged to adopt proactive security measures to protect their developer environments. These include enhanced code repository verification and advanced endpoint security solutions. The IP address range of the C2 server used in the campaign typically belongs to a cloud service provider or hosting company, but identifying the specific company requires current threat intelligence reports.
