The article details a North Korean operation, led by the Lazarus Group's Famous Chollima division, that recruits unsuspecting IT workers in the U.S. for corporate espionage. It explores their methods, including social engineering and identity fraud, to infiltrate companies in the finance and crypto sectors. The investigation reveals how they operate while maintaining a façade of legitimacy.

North Korean threat actor UNC5342 has begun using a technique called EtherHiding to deliver malware and steal cryptocurrency, marking a significant evolution in nation-state cyber threats. This method involves embedding malicious JavaScript within smart contracts on public blockchains, allowing attackers to retrieve payloads stealthily and without leaving a trace. The ongoing social engineering campaign targets developers with fake job offers to facilitate these attacks.