North Korean hackers are at it again — phishing scheme targets hundreds of workers to try and steal crypto and more

1. Pro
2. Security

North Korean hackers are at it again — phishing scheme targets hundreds of workers to try and steal crypto and more News By Sead Fadilpašić published 9 June 2026

Lazarus is getting company, experts warn

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

(Image credit: Shutterstock)

• Copy link
• Facebook
• X
• Whatsapp
• Reddit
• Pinterest
• Flipboard
• Threads
• Email

Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter

• UNK_DeadDrop targets developers with email‑based fake job lures
• Campaign mirrors Lazarus tactics but uses new self‑contained payloads
• Proofpoint says shift to mass phishing shows industrialized NK ops

Lazarus is not the only North Korean threat actor that is luring software developers with fake jobs - there is also a hacking group called UNK_DeadDrop now doing a similar thing, but with notable differences.

Security researchers at Proofpoint published an in-depth report looking into an ongoing campaign not unlike the Contagious Interview one.

For those unaware of Contagious Interview, it is one of two major Lazarus campaigns, the second one being Operation DreamJob. The crooks would fake everything - a company, its employees, as well as projects, and then go to LinkedIn for a “hiring spree.” They would reach out to software developers working in high-profile AI and Web 3 organizations and would offer high-paying jobs and a chance to work on exciting new projects.

Latest Videos FromWatch full video here:

Similarities and differences

The hiring process, however, would include a trial assignment, which often required the victims to run malicious code from GitHub. After infecting their targets with infostealers, the crooks would access company profiles, exfiltrate crypto wallet information, and then steal as many tokens as possible.

According to some sources, Lazarus alone was able to steal billions of dollars in crypto throughout the years.

You may like

• Microsoft experts warn North Korean attackers are targeting macOS users
• North Korea-linked hackers are using fake Zoom meetings to target crypto execs
• Lazarus steals $290M crypto in in Kelp DAO theft

While UNK_DeadDrop is more-or-less doing the same thing, its approach is somewhat different. Instead of using LinkedIn for initial contact, these attackers rely mostly on email. They don’t arrange fake interviews, but rather just send unsolicited job offers or code review requests. And finally, they use a new, self-contained payload distinct from what was previously seen in Contagious Interview campaigns.

“UNK_DeadDrop activity suggests North Korea-aligned operations targeting developers for financial gain are maturing and evolving,” Proofpoint’s researchers concluded.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

“The shift from active social engineering over social media platforms to conduct fake interviews to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations.”

Via The Register

The best antivirus for all budgetsOur top picks, based on real-world testing and comparisons

➡️ Read our full guide to the best antivirus1. Best overall:Bitdefender Total Security2. Best for families:Norton 360 with LifeLock3. Best for mobile:McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

CATEGORIES Cyber Security Computing Security Computing Sead FadilpašićSocial Links Navigation

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

View More

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.

Logout Read more Security Microsoft experts warn North Korean attackers are targeting macOS users    Security North Korea-linked hackers are using fake Zoom meetings to target crypto execs    Security Lazarus steals $290M crypto in in Kelp DAO theft    Security 'Hundreds of thousands of stolen secrets could potentially be circulating as a result of these recent attacks': Google says North Korean hackers behind major attack on Axios    Security New cyber scam abuses Microsoft Teams to steal your data    Security North Korean hackers target gamers with trojanized platform - here's what to look out for    Latest in Security Pro New iOS 27 Passwords app can automatically change your passwords for you    Security Check Point says VPN attacks caused by Qilin ransomware group    Security Microsoft disables over 70 GitHub repos after hackers compromised them with dangerous malware    Security Update Chrome now — Google patches new zero-day flaw already being exploited    Security US citizen pleads guilty to spying for the People's Republic of China    Security WordPress users beware — experts claim sites are being hijacked using a critical flaw in popular Everest Forms Pro plugin    Latest in News Gaming Hold out for a little longer FromSoft fans — The Duskbloods will get a closed network test this summer, but a release date for the full game has yet to be announced    Gaming The rumors were true! The Legend of Zelda: Ocarina of Time 'will be reborn' on Nintendo Switch 2 this year    Pro The working class are rallying to oppose data centers at 5 times the rate of wealthy neighborhoods – the great unifier is helping workers punch up, and it's super effective    VPN Privacy & Security Russia’s solution to its VPN crackdown breaking the internet? A state-owned VPN    VPN Privacy & Security ‘Surveillance is not safety’ — UK’s device scanning order faces privacy backlash    Hulu The Bear season 5 finally has a trailer — and it looks like the most stressful chapter yet    LATEST ARTICLES

1. 1Best World Cup 2026 eSIM deals — Stay connected from the opening game to the final whistle
2. 2Amazon wants to end dodgy knockoffs with its own AI-generated custom merch printing
3. 3Secretlab's already perfected the gaming chair — and now it's going for the home office market with its new Atlas model
4. 4Hands on: I've spent over 35 hours sitting in Secretlab's new Atlas task chair and there's a lot I like about it — but I'm still not sure it will dethrone my Herman Miller
5. 5Bowers & Wilkins just blew me away with its new 801 D5 speakers — here’s what I made of the model after attending a demo at at High End Vienna