Find notable cyber news and cases, enriched with sources, timelines, and signals.

BlueNoroff GhostCall and GhostHire Web3/blockchain targeting campaign

Campaign
First reported
Last updated
Happening score
H score 29
1 unique sources, 1 articles

Summary

Hide ▲

The BlueNoroff-linked GhostCall and GhostHire campaigns are actively targeting the Web3 and blockchain sectors, putting executives, venture capital staff, and developers at risk across macOS and Windows. The operation has been active since at least mid-2023 and spans victims in multiple countries. Attackers use Telegram, fake Zoom/Microsoft Teams lures, and booby-trapped GitHub projects to push victims into infection chains. The result is a sustained cross-platform campaign aimed at credential theft and follow-on compromise.

Related Happenings

KongTuke ClickFix and Teams access-seeking campaign

Campaign
H score33 First: 25.06.2026 11:54 Last: 25.06.2026 11:54 Sources 1

About this happening: The **KongTuke** operation is using **ClickFix** lures and **Microsoft Teams** messages to widen access-seeking attacks against **multiple organizations**, increasing the risk of...

Ghost Networks crypto-clipper promotion campaign

Campaign
H score15 First: 17.06.2026 21:14 Last: 17.06.2026 21:14 Sources 1

About this happening: **Unknown threat actor** is running an **active June 2026** campaign that fakes legitimacy to distribute a **Rust-based clipboard hijacker**. The operation uses **bogus GitHub sta...

Contagious Interview UNK_DeadDrop GitHub phishing campaign

Campaign
H score37 First: 15.06.2026 22:32 Last: 15.06.2026 22:32 Sources 1

About this happening: The **Contagious Interview** cluster is running the **UNK_DeadDrop** phishing campaign to lure developers with **recruitment** and **code review** themes, reaching **nearly 100 or...

Phantom Mantis shifts The Gentlemen into an independent ransomware partnership program

Threat Actor Meta
H score24 First: 11.06.2026 19:50 Last: 11.06.2026 19:50 Sources 1

About this happening: **Phantom Mantis** moved **The Gentlemen** from dependence on other ransomware ecosystems into an **independent partnership program**, expanding its operational autonomy and affil...

UNK_DeadDrop developer phishing campaign using fake job and code-review lures

Campaign
H score30 First: 08.06.2026 18:00 Last: 08.06.2026 18:00 Sources 1

About this happening: A **UNK_DeadDrop** phishing campaign sent **more than 250 emails** to software developers at **almost 100 organizations**, using fake job and code-review lures to steal **cryptocu...

Timeline

  1. 28.10.2025 18:12 1 articles · 8mo ago

    BlueNoroff-linked GhostCall and GhostHire disclosure

    Initial Disclosure

    Kaspersky says North Korea-linked BlueNoroff, a Lazarus Group sub-cluster also known as APT38, is running the GhostCall and GhostHire campaigns as part of SnatchCrypto, which has been underway since at least 2017. The operations target Web3 and blockchain victims through Telegram contact, fake Zoom and Microsoft Teams phishing pages, and booby-trapped GitHub projects, with activity reported across macOS and Windows targets in multiple countries.

    Show sources