JPCERT/CC reviews Lazarus use of LinkedIn as an initial access vector against organizations, including cryptocurrency-related and defense-industry targets. The activity includes suspicious recruiter-style contact, pressure to move conversations from LinkedIn to Skype or WhatsApp, attempts to make victims download and execute files, and follow-up questions about execution status or the victim environment. The report connects these behaviors to Lazarus and TraderTraitor-style operations and recommends limiting SNS use on business hosts and hardening access controls.