lazarusholic

Everyday is lazarus.dayβ

Hunting Lazarus Part VI: The Factory That Ate Its Workers

2026-04-29, RedAsgard
https://redasgard.com/blog/hunting-lazarus-part6-factory-that-ate-its-workers
#Lazarus

Contents

Five operator workstations appeared in the campaign's own victim database. The same exfiltration pipeline that harvested developer credentials, wallet material, and source-repository tokens had ingested the staff who ran it — the supervisor, a persona operator, a test workstation, a provisioning workstation, and an operator infection that persisted sixty-eight days.
This is Part VI of the "Hunting Lazarus" series. The earlier installments documented the Contagious Interview campaign run by Lazarus Group – the DPRK-linked APT – which targets cryptocurrency and Web3 developers with fake job interviews, fabricated company identities, and malicious code repositories. Part V ended on the forensic acquisition of a single operator VPS. This installment moves outward from that machine to the broader victim database, the operators who appeared inside it, and the design failure that put them there.
How a global credential-theft pipeline consumed the operators who ran it.
The victim …