##

The North Korean hacking group Lazarus Group launched a cyberattack dubbed "Operation 99" targeting Web3 and cryptocurrency software developers. The attackers disguised themselves as recruiters and posted fake job postings on platforms like LinkedIn, enticing developers to participate in what appeared to be legitimate project testing and code reviews. Once developers fell for the ploy, they were directed to clone a GitLab repository containing malicious code. This code would inject malware into the victim's system, stealing high-value data such as passwords, API keys, and cryptocurrency wallet information. The attackers also utilized highly obfuscated command and control (C2) servers to maintain connections, maximizing their ability to conceal their activities.