Lazarus APT Group: Crypto Heist and Job Scams Exposed

Cyber Security News by CyberSum.net
Silent Push analysts have uncovered infrastructure used by the Lazarus APT Group, linking them to a $1.4 billion crypto heist and to job scams on LinkedIn. The group registered the domain bybit-assessment[.]com hours before the heist and used Astrill VPN IPs for its operations. Fake job interviews lure victims into downloading malware, and brands such as Stripe, Coinbase, and Binance are impersonated. The investigation revealed 27 unique Astrill VPN IPs and multiple malicious domains connected to Lazarus.