North Korean hackers are at it again phishing scheme targets hundreds of workers to try and steal crypto and more

Date:
Tue, 09 Jun 2026 18:20:00 +0000

Description:
Lazarus is getting company as UNK_DeadDrop starts luring devs with fake jobs, too.

FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter UNK_DeadDrop targets developers with emailbased fake job lures Campaign mirrors Lazarus tactics but uses new selfcontained payloads Proofpoint says shift to mass phishing shows industrialized NK ops Lazarus is not the only North Korean threat actor that is luring software developers with fake jobs - there is also a hacking group called UNK_DeadDrop now doing a similar thing, but with notable differences.

Security researchers at Proofpoint published an in-depth report looking into an ongoing campaign not unlike the Contagious Interview one. For those
unaware of Contagious Interview, it is one of two major Lazarus campaigns,
the second one being Operation DreamJob. The crooks would fake everything - a company, its employees, as well as projects, and then go to LinkedIn for a hiring spree. They would reach out to software developers working in high-profile AI and Web 3 organizations and would offer high-paying jobs and
a chance to work on exciting new projects. Latest Videos From Watch full
video here: Similarities and differences The hiring process, however, would include a trial assignment, which often required the victims to run malicious code from GitHub. After infecting their targets with infostealers, the crooks would access company profiles, exfiltrate crypto wallet information, and then steal as many tokens as possible.

According to some sources, Lazarus alone was able to steal billions of
dollars in crypto throughout the years. You may like Microsoft experts warn North Korean attackers are targeting macOS users North Korea-linked hackers are using fake Zoom meetings to target crypto execs Lazarus steals $290M crypto in in Kelp DAO theft

While UNK_DeadDrop is more-or-less doing the same thing, its approach is somewhat different. Instead of using LinkedIn for initial contact, these attackers rely mostly on email. They dont arrange fake interviews, but rather just send unsolicited job offers or code review requests. And finally, they use a new, self-contained payload distinct from what was previously seen in Contagious Interview campaigns.

UNK_DeadDrop activity suggests North Korea-aligned operations targeting developers for financial gain are maturing and evolving, Proofpoints researchers concluded. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners
or sponsors By submitting your information you agree to the Terms &
Conditions and Privacy Policy and are aged 16 or over.

The shift from active social engineering over social media platforms to conduct fake interviews to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations.

Via The Register The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



======================================================================
Link to news story: https://www.techradar.com/pro/security/north-korean-hackers-are-at-it-again-ph ishing-scheme-targets-hundreds-of-workers-to-try-and-steal-crypto-and-more


--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)