Lazarus Group
Also known as: Hidden Cobra, APT38, Diamond Sleet, Famous Chollima, UNC2970, DEV-0139, Sapphire Sleet, Contagious Interview Operators, TaskJacker, TasksJacker, PolinRider, TraderTraitor
Tracked threats
- Lazarus Group (DPRK) Hides BeaverTail / InvisibleFerret Loader in Git Hooks via precommit.vercel.app — Contagious Interview / TaskJacker Evolution (May 2026) — HIGH
- KelpDAO LayerZero Bridge Exploit — $292M rsETH Minted Against Non-Existent Burn (Lazarus Group, April 2026) — CRITICAL
- Matryoshka ClickFix macOS Variant — Nested Heredoc Obfuscation, AppleScript Credential Stealer, Trezor Suite Replacement, Ledger Live Surgical Patching, API-Gated C2 — HIGH
Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier).