BlueNoroff GhostCall and GhostHire Web3/blockchain targeting campaign
Campaign
Summary
The BlueNoroff-linked GhostCall and GhostHire campaigns are actively targeting the Web3 and blockchain sectors, putting executives, venture capital staff, and developers at risk across macOS and Windows. The operation has been active since at least mid-2023 and spans victims in multiple countries. Attackers use Telegram, fake Zoom/Microsoft Teams lures, and booby-trapped GitHub projects to push victims into infection chains. The result is a sustained cross-platform campaign aimed at credential theft and follow-on compromise.
Related Happenings
Lazarus Group RemotePE long-term observation campaign against financial and cryptocurrency organizations
Campaign
First: 25.05.2026 12:32
Last: 25.05.2026 12:32
Sources 1
About this happening:
The **Lazarus Group** was tied to a **RemotePE** campaign against **financial and cryptocurrency organizations**, signaling a stealth-focused operation with sustained access risk....
Calypso telecommunications espionage campaign using Showboat and JFMBackdoor
Campaign
First: 21.05.2026 17:00
Last: 21.05.2026 17:00
Sources 1
About this happening:
A **Calypso / Red Lamassu** espionage campaign is targeting **telecommunications providers** with new **Showboat** and **JFMBackdoor** malware, increasing the risk of long-term co...
Webworm multi-country targeting campaign against government and enterprise victims
Campaign
First: 20.05.2026 15:51
Last: 20.05.2026 15:51
Sources 1
About this happening:
**Webworm** is running a **multi-country targeting campaign** against **government agencies and enterprises**, expanding the risk of persistent access across several regions. The...
Anthropic launches Project Glasswing with Claude Mythos for vulnerability discovery
Security Tool/Service
First: 08.04.2026 12:16
Last: 08.04.2026 12:16
Sources 1
About this happening:
**Anthropic’s Project Glasswing** is now showing measurable results: since launching last month, the **Claude Mythos Preview**-based initiative has uncovered **more than 10,000**...
Latest development: 23.05.2026 14:55
Anthropic said Project Glasswing has uncovered more than 10,000 high- or critical-severity vulnerabilities across widely used software since the program launched last month, including 6,202 high/critical flaws affecting more than 1,000 open-source projects, 1,726 validated true positives, 1,094 high/critical flaws, a critical WolfSSL flaw tracked as CVE-2026-5194 with CVSS score 9.1, 97 upstream patches, and 88 advisories.
ClickFix MacSync social-engineering campaign targeting macOS users
Campaign
First: 16.03.2026 13:41
Last: 16.03.2026 13:41
Sources 1
About this happening:
A **ClickFix** campaign is using **fake Cloudflare CAPTCHA verification challenges**, **embedded video tutorials**, and **automatic OS detection** to trick victims into pasting an...
Timeline
28.10.2025 18:12 · 1 article · 7mo ago
BlueNoroff-linked GhostCall and GhostHire disclosure
Initial Disclosure
Kaspersky says North Korea-linked BlueNoroff, a Lazarus Group sub-cluster also known as APT38, is running the GhostCall and GhostHire campaigns as part of SnatchCrypto, which has been underway since at least 2017. The operations target Web3 and blockchain victims through Telegram contact, fake Zoom and Microsoft Teams phishing pages, and booby-trapped GitHub projects, with activity reported across macOS and Windows targets in multiple countries.
- Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains — thehackernews.com — 28.10.2025 18:12