Targeting of GitHub users with an interest in cryptocurrency
Date of report
  • July 2023
North Korean threat actor Lazarus Group used spear-phishing lures to distribute GitHub repositories, usually pretending to be media players or cryptocurrency trading tools, which contain malicious code. The attacks share commonalities with another North Korean cyberattack detected in June 2022, TraderTraitor.
Suspected victims
  • GitHub users interested in cryptocurrency
Suspected state sponsor
  • Korea (Democratic People's Republic of)
Type of incident
  • Espionage
Target category
  • Private sector
Victim government reaction
  • Unknown
Policy response
Suspected state sponsor response