##

The North Korean hacking group Lazarus Group launched a cyberattack dubbed "Operation 99" targeting Web3 and cryptocurrency software developers. The attackers masqueraded as recruiters, posting fake job listings on platforms like LinkedIn, to entice developers to participate in disguised project testing and code reviews. Once victims took the bait, they were led to clone a GitLab repository containing malicious code, effectively injecting malware into their systems. These malicious programs could steal sensitive data such as passwords, API keys, cryptocurrency wallet information, and maintained connections through highly obfuscated command and control (C2) servers to maximize stealth.