##

The Lazarus Group, a North Korean hacking group, is targeting Web3 and cryptocurrency developers with a cyberattack dubbed "Operation 99". The attackers are posing as recruiters, enticing developers on platforms like LinkedIn to participate in fake project testing and code reviews. They then trick developers into cloning GitLab repositories containing malicious code, which implants modular malware into victims' systems. These malware steal high-value data such as passwords, API keys, and cryptocurrency wallet information, and maintain connections through heavily obfuscated command-and-control (C2) servers, maximizing stealth. Slowmist CISO 23pds advises developers to be vigilant, avoid clicking on suspicious links, and update security software promptly.