Trust score: 78 (Highly Accurate). Web Verified, Search Verified.
Marcus Hutchins (verified) on Mastodon, 22h ago
I spent nearly 4 months investigating the inner workings of a North Korean state-sponsored hacking group. Here's what I found:
- The group used generative AI tools to aid in almost every part of their operations.
- They exfiltrated 26,584 cryptocurrency wallets from victim systems, with a combined value totaling as much as $12 million.
- In several cases, the threat actors set up entire front companies to lure in developers via fake job postings, then infected them with malware.
- The threat actors successfully pulled off a supply-chain attack by compromising a VS Code extension developer's system.
Full article: https://expel.com/blog/inside-lazarus-how-north-korea-uses-ai-to-industrialize-attacks-on-developers/
Trust Metrics
- Accuracy: 82%
- Framing: 88%
- Context: 80%
- Tone: 50%
Analysis Summary
A North Korean hacking group called Lazarus used AI-generated malware, fake job postings, and VS Code compromises to steal cryptocurrency and developer credentials in 2026. The group's tactics have shifted from directly attacking exchanges to infiltrating developer environments through social engineering and open-source supply chains, making them harder to detect. Multiple security firms documented these campaigns in real time as Lazarus stole over $500 million from DeFi protocols in April 2026 alone.
Claims Analysis (4)
Claim: "The group used generative AI tools to aid in almost every part of their operations"
Assessment: Confirmed in multiple 2026 security reports documenting AI-generated code in Lazarus malware.
Claim: "They exfiltrated 26,584 cryptocurrency wallets from victim systems, with a combined value totaling as much as $12 million"
Assessment: Specific count and valuation not found in web search. Related wallet-targeting campaigns are documented, but not this exact metric.
Claim: "The threat actors set up entire front companies to lure in developers via fake job postings, then infected them with malware"
Assessment: Multiple sources confirm Lazarus uses fake recruiter profiles and job postings to distribute malware to developers.
Claim: "The threat actors successfully pulled off a supply-chain attack by compromising a VS Code extension developer's system"
Assessment: Confirmed in January-April 2026 reports of VS Code malware delivery via compromised repositories and extensions.