Targeting of GitHub users with an interest in cryptocurrency

Date of report

July 2023

Affiliations

Lazarus Group

North Korean threat actor Lazarus Group used spear-phishing lures to distribute GitHub repositories, usually pretending to be media players or cryptocurrency trading tools, which contain malicious code. The attacks share commonalities with another North Korean cyberattack detected in June 2022, TraderTraitor.

Suspected victims

GitHub users interested in cryptocurrency

Suspected state sponsor

Korea (Democratic People's Republic of)

Type of incident

Espionage

Target category

Private sector

Victim government reaction

Unknown

Policy response

Unknown

Suspected state sponsor response

Unknown

Security alert: social engineering campaign targets technology industry employees
TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies

Cyber Operations Tracker

CFR.org

Topics

Regions

Explainers

Research & Analysis

Communities

Events