North Korean Phishing Scheme Targets Developers for Crypto Theft

A North Korean phishing campaign, led by the group UNK_DeadDrop, targets developers with fake job offers to steal cryptocurrency. This operation mirrors tactics used by Lazarus but employs email-based lures and new payloads.

iGEN Editorial
June 9, 2026
A North Korean phishing campaign has emerged, targeting software developers with the aim of stealing cryptocurrency. The group, known as UNK_DeadDrop, is employing tactics similar to those used by the infamous Lazarus group but with some notable differences.

Phishing Tactics and Targets

The UNK_DeadDrop group is targeting developers through email-based phishing schemes. Unlike the Lazarus group's previous campaigns, which utilized platforms like LinkedIn for social engineering, UNK_DeadDrop relies on unsolicited emails. These emails contain fake job offers or code review requests, enticing developers to run malicious code from GitHub.

  • Lazarus campaigns like Contagious Interview and Operation DreamJob involved creating fake companies and conducting interviews via LinkedIn.
  • UNK_DeadDrop skips the interview process, directly sending phishing emails to potential victims.

New Payloads and Industrialization

The phishing emails from UNK_DeadDrop include new, self-contained payloads that differ from those used in previous campaigns. This shift indicates a maturation and evolution of North Korea-aligned operations targeting developers for financial gain, according to Proofpoint researchers.

"The shift from active social engineering over social media platforms to large campaigns of recruitment-themed phishing emails distributing links to malicious repositories could indicate an actor industrializing and scaling operations," Proofpoint's researchers concluded.

Implications for Enterprises

The industrialization of these phishing operations poses significant risks for enterprises, particularly those in the tech sector. Companies need to be vigilant about unsolicited job offers and code review requests, especially those that require running external code. Implementing robust cybersecurity measures and educating employees about phishing tactics are crucial steps in mitigating these threats.
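
One way a mail-security team could triage inbound messages for the lure pattern this article describes (an unsolicited email with a job offer or code review request that asks the recipient to run code from GitHub). This is an added example, not code from Proofpoint or the original report; the keyword lists, the threshold, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed heuristic vocabulary for this example; tune it to your own mail flow.
LURE = re.compile(r"\b(job offer|opportunity|recruit\w*|hiring|code review|technical assessment)\b", re.I)
RUN = re.compile(r"\b(git clone|npm (install|start|run)|pip install|run the (project|code|repo\w*))\b", re.I)
REPO = re.compile(r"https?://(www\.)?github\.com/[\w.-]+/[\w.-]+", re.I)

def body_text(msg):
    parts = msg.walk() if msg.is_multipart() else [msg]  # text/plain parts only
    return "\n".join(p.get_payload(decode=True).decode(errors="replace")
                     for p in parts if p.get_content_type() == "text/plain")

def triage(raw_email, known_senders):
    """Return the list of lure traits found in one RFC 5322 message."""
    msg = message_from_string(raw_email)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = f"{msg.get('Subject', '')}\n{body_text(msg)}"
    checks = [
        # "Unsolicited": no prior correspondence and not a reply in a thread.
        ("unsolicited sender", sender not in known_senders and not msg.get("In-Reply-To")),
        ("recruitment or code-review theme", LURE.search(text)),
        ("links to a code repository", REPO.search(text)),
        ("asks recipient to run code", RUN.search(text)),
    ]
    return [name for name, hit in checks if hit]

def is_suspicious(raw_email, known_senders, threshold=3):
    return len(triage(raw_email, known_senders)) >= threshold

# Constructed sample messages (not taken from the campaign).
LURE_MAIL = """\
From: "Talent Team" <hr@recruiter.example>
Subject: Job offer: senior backend engineer

Please git clone https://github.com/example-org/skills-test and run the project before our call.
"""
BENIGN_MAIL = """\
From: Alice <alice@corp.example>
Subject: Re: parser fix
In-Reply-To: <abc@corp.example>

Pushed the change to https://github.com/corp-example/parser, take a look when you can.
"""

if __name__ == "__main__":
    for mail in (LURE_MAIL, BENIGN_MAIL):
        print(triage(mail, {"alice@corp.example"}))
```

A message that reaches the threshold is a candidate for quarantine or analyst review, not proof of malice; a repository link from a known colleague scores only one trait and passes.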

Conclusion

As North Korean threat actors continue to evolve their tactics, enterprises must remain vigilant. The shift from social media-based social engineering to email-based phishing campaigns reflects a broader trend of industrialized cyber operations. Organizations should prioritize cybersecurity awareness and invest in technologies that can detect and prevent such sophisticated phishing attempts.


Sources: TechRadar – Main Feed
