{
  "name": "How Lazarus's IT Workers Scheme Was Caught Live on Camera",
  "slug": "how-lazaruss-it-workers-scheme-was-caught-live-on-camera",
  "description": "This report details an investigation into a North Korean infiltration operation run by the Lazarus Group's Famous Chollima division. The operation aims to place remote IT workers inside American financial and crypto/Web3 companies for corporate espionage and to generate funding. Researchers posed as potential recruits and used sandboxed environments to monitor the operators' activity in real time. The investigation revealed the group's tactics, including identity theft, social engineering, and the use of AI tools. The operators displayed poor operational security, sharing infrastructure and repeating the same mistakes. The report provides insights into the group's recruitment methods, toolset, and communication patterns, offering a rare inside view of its operations.",
  "published": "2025-12-09T11:38:10+00:00",
  "created_at": "2025-12-09T11:38:10+00:00",
  "modified_at": "2025-12-21T17:50:07+00:00",
  "created_at_opencti": "2025-12-09T11:38:10+00:00",
  "author": "",
  "confidence": null,
  "report_types": [],
  "labels": [],
  "tags": [
    "2025-12-09",
    "corporate espionage",
    "cryptocurrency",
    "identity theft",
    "it worker infiltration",
    "north korea",
    "sandbox analysis",
    "social engineering"
  ],
  "related_entities": {
    "observables": [
      {
        "id": "",
        "name": "194.33.45.162"
      },
      {
        "id": "",
        "name": "https://www.linkedin.com/in/jackson-kidd-1680b2339/"
      },
      {
        "id": "",
        "name": "https://us.bold.pro/my/jaron-gaston-241007104612"
      },
      {
        "id": "",
        "name": "https://jackson-portfolio.vercel.app"
      },
      {
        "id": "",
        "name": "https://t.me/peregrine423f"
      },
      {
        "id": "",
        "name": "https://github.com/neymafullstack"
      },
      {
        "id": "",
        "name": "https://calendly.com/7codewizard/30min"
      },
      {
        "id": "",
        "name": "https://github.com/swiftcode1121"
      },
      {
        "id": "",
        "name": "https://github.com/ghost"
      },
      {
        "id": "",
        "name": "https://github.com/7codewizard"
      },
      {
        "id": "",
        "name": "kamaunjoroge296@gmail.com"
      },
      {
        "id": "",
        "name": "jacksonkidd216@gmail.com"
      }
    ],
    "intrusion_sets": [
      {
        "id": "d2b5aa2b-bc65-4386-815b-a57f178dd3e6",
        "name": "Lazarus Group (Famous Chollima division)",
        "slug": "lazarus-group-famous-chollima-division"
      }
    ],
    "attack_patterns": [
      {
        "id": "3e753709-1776-42f4-b465-278cb5f6ea6b",
        "name": "T1614"
      },
      {
        "id": "d9b45b3b-d093-4016-89e9-48f31ff4d05d",
        "name": "T1566"
      },
      {
        "id": "ca53b2fa-42a8-45ec-9682-0cf54bf280f3",
        "name": "T1090"
      },
      {
        "id": "dc17cbbd-40d8-43cf-b3cf-50d1276db2c7",
        "name": "T1016"
      },
      {
        "id": "c12e0e03-aab0-4646-a929-e921a3d27f02",
        "name": "T1219"
      },
      {
        "id": "bf9568ce-0a08-44d4-93a4-069e1d1dc975",
        "name": "T1593.002"
      },
      {
        "id": "70616b2f-4019-4963-b758-5d9f6f20e201",
        "name": "T1082"
      }
    ],
    "others": [
      {
        "id": "",
        "name": "United States of America"
      },
      {
        "id": "",
        "name": "Finance"
      },
      {
        "id": "",
        "name": "Technologies"
      }
    ]
  },
  "external_refs": [
    "https://otx.alienvault.com/pulse/69381832f6030155b532bf71",
    "https://any.run/cybersecurity-blog/lazarus-group-it-workers-investigation/"
  ]
}