Show thread⚯ Michel de Cryptadamus ⚯Apr 18, 2025

2/ ...and it just so happens that #PaloAlto released a long investigation into a newer and less well known North Korean crypto operation called "Slow Pisces" and/or "Jade Sleet" at the same time.

This time the #DRPK's crypto thieves pose as recruiters on LinkedIn and try to lure developers into doing various coding challenges hosted on #GitHub as part of a job interview. Doing a challenge leads to infection with custom Python #malware.

https://unit42.paloaltonetworks.com/slow-pisces-new-custom-malware/

#NorthKorea #LazarusGroup #crypto #cybersecurity #infosec #espionage #programming #Stellar #Metamask #NickLFranklin #SlowPisces #JadeSleet #Python #macOS #GitHub

Slow Pisces Targets Developers With Coding Challenges and Introduces New Customized Python Malware

North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges. North Korean state-sponsored group Slow Pisces (Jade Sleet) targeted crypto developers with a social engineering campaign that included malicious coding challenges.

Unit 42
⚯ Michel de Cryptadamus ⚯Apr 17, 2025

1/ Deep dive case study of the kind of open source contributions and #GitHub astroturfing that North Korean hackers employ to try get jobs as devs at crypto companies, this time in an attempt to infiltrate #onlyDust.

tl;dr DPRK hackers use contributions to FOSS projects to build cred, after which, armed with AI video avatars, they try to leverage the cred into success in interviews for blockchain development jobs.

I've said it before but i'll say it again: the one real upside of crypto is that the industry draws close to 100% of the incoming fire from sophisticated #DPRK threat actors like Lazarus Group who would otherwise be hacking banks.

https://www.ketman.org/dprk-it-workers-in-freelance-platform-onlyDust.html

#NorthKorea #LazarusGroup #crypto #cybersecurity #infosec #FOSS #opensource #espionage #programming #Stellar #Metamask #NickLFranklin

DPRK IT Workers in Open Source and Freelance Platforms

A cluster of actors discovered in onlyDust.com freelancer platform and beyond