## Overview

The advanced persistent threat (APT) group Lazarus has launched Operation 99, targeting Web3 and cryptocurrency developers through sophisticated social engineering techniques. The campaign leverages fake LinkedIn profiles and malicious GitLab repositories to deploy multi-platform malware across 13 countries.

## Whom it may concern

* Web3 developers and cryptocurrency professionals
* Software development organizations
* Cryptocurrency exchanges and platforms
* Information security teams

## Key Findings

1. Sophisticated social engineering campaign using AI-generated profiles and legitimate-looking code repositories
2. Multi-platform malware targeting Windows, macOS, and Linux systems
3. Three-stage attack chain deploying Main5346, Payload99/73, and MCLIP malware
4. Geographic spread across 13 countries with highest concentration in Italy

## Risk Analysis

* Attack Probability: High (based on ongoing campaign activity)
* Financial Impact: Potentially millions in cryptocurrency theft
* Data Loss Risk: Critical intellectual property and source code
* Attack Success Rate: Significant due to sophisticated social engineering

## Action Items

* Implement multi-factor authentication for development environments
* Deploy advanced endpoint protection on developer systems
* Establish strict code review procedures for external repositories
* Conduct security awareness training focused on social engineering
* Monitor for suspicious GitLab activity and unauthorized repository access