SlowMist CISO 23pds revealed in a post on X: "North Korean hackers launched a cyber attack on Web3 and cryptocurrency software developers called'Operation 99 '. The operation started with fake recruiters and was conducted on platforms such as LinkedIn, using project testing and code reviews to lure developers." Once the victim takes the bait, they are led to clone a malicious GitLab repository, seemingly harmless but full of disaster. The clone code connects to a command and control (C2) server, embedding the malicious software into the victim's environment and taking control of the victim's computer. "