A significant discovery has been made regarding the Lazarus Advanced Persistent Threat (APT) Group's infrastructure. Analysts have uncovered a domain registered by the group shortly before the $1.4 billion Bybit crypto heist, linked to an email address used in previous attacks. The investigation revealed 27 unique Astrill VPN IP addresses in logs associated with the group's test records. The ongoing campaign involves fake job interviews on LinkedIn to lure victims into downloading malware. The research also uncovered connections to multiple domains likely part of Lazarus infrastructure, with a focus on employment scams targeting the crypto community. The group's tactics include sophisticated social engineering and malware deployment methods.