North Korea’s UNC4899: The LinkedIn Hackers Stealing Crypto Millions with a Smile

UNC4899, a North Korea-linked threat actor, cleverly targets employees via LinkedIn and Telegram, luring them with fake software gigs. Their social engineering finesse has led to million-dollar cryptocurrency heists and exploitation of cloud environments. Even Google Cloud wasn’t spared, though MFA put up a good fight!


Hot Take:

Looks like TraderTraitor (the other name UNC4899 goes by) is making LinkedIn job offers that are simply too good to be true—unless you’re a fan of financial ruin. Who knew that the real danger of online job hunting was less about ghosting and more about getting ghosted by your own cryptocurrency?

Key Points:

  • North Korea’s UNC4899 is targeting organizations via LinkedIn and Telegram, posing as recruiters offering freelance software work.
  • The group is notorious for stealing billions from cryptocurrency platforms, with a penchant for advanced social engineering.
  • Once an employee is compromised, they use the stolen credentials to get into cloud services such as Google Cloud and AWS.
  • UNC4899 disables MFA to keep that access, but their efforts are sometimes thwarted by security controls that hold up against the stolen credentials.
  • Sonatype has identified a surge in malware targeting npm and PyPI, linked to North Korea’s Lazarus Group.
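The MFA angle in the list above is the part a defender can actually hunt for: an attacker who logs in with stolen credentials and then tears down the victim's MFA leaves API calls behind. The script below is an added example, not code from the article, Google, or any vendor it names; it walks constructed CloudTrail-style JSON records (the event names `ConsoleLogin`, `DeactivateMFADevice` and `DeleteVirtualMFADevice` are real IAM actions, but the users, IPs and timestamps are made up for the example) and flags a console login that did not use MFA and any call that removes an MFA device.

```python
"""Flag CloudTrail records that weaken MFA or show a console login without it.

Added example for this page (not the article's, Google's, or AWS's code).
The log records in SAMPLE_LOG are constructed for the example; only the
event names and field names follow real CloudTrail/IAM conventions.
"""
import json
from typing import Iterator, Optional

# IAM API actions that remove MFA protection from an identity.
MFA_WEAKENING_EVENTS = {"DeactivateMFADevice", "DeleteVirtualMFADevice"}

# Constructed sample records (one JSON object per line, as CloudTrail
# delivers them once unpacked). "dev-alice" and the addresses are made up.
_RECORDS = [
    {"eventTime": "2025-07-01T08:55:10Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "Yes"}},
    {"eventTime": "2025-07-01T09:12:03Z", "eventSource": "signin.amazonaws.com",
     "eventName": "ConsoleLogin", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "responseElements": {"ConsoleLogin": "Success"},
     "additionalEventData": {"MFAUsed": "No"}},
    {"eventTime": "2025-07-01T09:14:41Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeactivateMFADevice", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "requestParameters": {"userName": "dev-alice",
                           "serialNumber": "arn:aws:iam::123456789012:mfa/dev-alice"}},
    {"eventTime": "2025-07-01T09:15:02Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"}},
    {"eventTime": "2025-07-01T09:15:30Z", "eventSource": "iam.amazonaws.com",
     "eventName": "DeleteVirtualMFADevice", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "dev-alice"},
     "requestParameters": {"serialNumber": "arn:aws:iam::123456789012:mfa/dev-alice"}},
]
SAMPLE_LOG = "\n".join(json.dumps(r) for r in _RECORDS)


def parse_cloudtrail(log_text: str) -> Iterator[dict]:
    """Yield one record per non-empty JSON line."""
    for line in log_text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def actor_of(record: dict) -> str:
    """Best-effort principal name: userName, else ARN, else identity type."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def check_record(record: dict) -> Optional[dict]:
    """Return a finding for this record, or None if it is uninteresting."""
    name = record.get("eventName")
    base = {
        "time": record.get("eventTime"),
        "event": name,
        "actor": actor_of(record),
        "source_ip": record.get("sourceIPAddress"),
    }
    if name in MFA_WEAKENING_EVENTS:
        params = record.get("requestParameters", {})
        # DeleteVirtualMFADevice carries only a serialNumber; fall back to the caller.
        target = params.get("userName") or params.get("serialNumber") or base["actor"]
        return {**base, "reason": f"MFA removed from {target}"}
    if name == "ConsoleLogin":
        ok = record.get("responseElements", {}).get("ConsoleLogin") == "Success"
        mfa = record.get("additionalEventData", {}).get("MFAUsed")
        if ok and mfa == "No":
            return {**base, "reason": "successful console login without MFA"}
    return None


def analyze(log_text: str) -> list:
    """Run check_record over every record and keep the findings, in log order."""
    return [f for f in (check_record(r) for r in parse_cloudtrail(log_text)) if f]


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(f"{finding['time']} {finding['actor']}@{finding['source_ip']} "
              f"{finding['event']}: {finding['reason']}")
```

On the sample the login from 198.51.100.7 passes (MFA was used), while the later login from 203.0.113.10 without MFA and the two MFA-removal calls from that same address are all reported, which is the sequence you would want to alert on: a no-MFA login followed minutes later by the account stripping its own MFA. In production the same checks belong in a CloudTrail-to-SIEM pipeline keyed on the source IP and actor so the three findings surface as one incident rather than three separate alerts.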
