Pyongyang's recent campaign seems to be a twofer, combining espionage with theft.
Operation In(ter)ception: social engineering by the Lazarus Group.
Researchers at SentinelOne warn that North Korea’s Lazarus Group is using phony Crypto.com job offers to distribute macOS malware. The researchers aren’t sure how the lures are being distributed, but they suspect the attackers are sending spearphishing messages on LinkedIn. SentinelOne notes that this campaign “appears to be extending the targets from users of crypto exchange platforms to their employees in what may be a combined effort to conduct both espionage and cryptocurrency theft.”
Roger Grimes, data-driven defense evangelist at KnowBe4, commented:
“Social engineering is involved in 70% to 90% of all successful hacker and malware attacks, in general. In the crypto world it seems even more so. The cryptocurrency world...the metaverse...web 3.0...whatever you're calling it, is ripe for social engineering and attackers are taking advantage of it. Mitigating social engineering threats any way you can, using the best defense-in-depth combination of policies, technical defenses, and education has always been what every organization needed to do more of, but this is especially so for any person or organization getting involved with any of the new web 3.0, metaverse technologies. It's just a very unsafe place right now...even more so than the general Internet, which is already an unsafe place. The crypto world is an extremely unsafe place in an already unsafe place.”