North Korean hackers are phishing developers with bogus job offers.
The Lazarus‑linked UNK_DeadDrop operation posts fake employment listings and sends follow‑up emails that direct recipients to credential‑stealing sites. The scheme aims to harvest logins for crypto wallets and other valuable accounts. TechRadar reports the campaign has been active for several weeks, targeting developers across multiple firms.
This matters because it shows state‑sponsored actors are broadening their attack surface beyond traditional geopolitical targets. By exploiting the hiring market, they can reach technically savvy victims who may have higher‑value access.
If you receive an unsolicited job posting that seems too good to be true, treat it with the same suspicion you would a phishing email – especially when it comes from a region known for cyber espionage (TechRadar).