Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours
2025-01-20 • JPCERT
https://blogs.jpcert.or.jp/en/2025/01/initial_attack_vector.html
JPCERT/CC warns that Lazarus-linked operators have repeatedly used LinkedIn as the initial contact vector against organizations in Japan since around 2019, including cases tied to cryptocurrency theft and earlier operations the center has documented. The recurring pattern: the attacker approaches a target on LinkedIn, often posing as a recruiter with a high-compensation offer, moves the conversation to Skype, WhatsApp, or Telegram, pushes the target to download and execute a file, and then repeatedly asks whether the file ran and what the system looks like.

The post groups the cases by campaign. One operation targets defense-industry companies: hijacked legitimate LinkedIn accounts are used to approach employees and deliver a malicious Word document. Dangerous Password targets cryptocurrency exchangers with ZIP archives containing malicious files such as Password.txt.lnk (a Windows shortcut whose name is meant to read as a text file), with later variants for macOS, VHD disk images, and OneNote notebooks. Operation AppleJeus targets cryptocurrency users and organizations by moving victims from LinkedIn to Telegram and delivering a malicious MSI disguised as a cryptocurrency exchange tool.

Because the approaches come from legitimate, hijacked accounts, they are hard to spot from the account alone; the report therefore argues that business use of social networking on work devices should be restricted or governed.
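The delivery side of these cases is an archive handed over in chat that carries a shortcut, disk image, or notebook file rather than the document it claims to be. As an added example (editor's code, not JPCERT's, and not an analysis of the actual samples), the screening pass below walks an in-memory ZIP and flags the three signals the summary describes: a double extension that ends in an executable type (Password.txt.lnk), a container type such as VHD or OneNote, and a member whose content starts with a Windows Shell Link header even though its name does not end in .lnk. The extension sets and the sample archive are the editor's constructions; the LNK header constant is the documented HeaderSize plus LinkCLSID from the Shell Link format.

```python
import io
import zipfile
from dataclasses import dataclass

# Editor's choices, not taken from the JPCERT post: types that execute when
# double-clicked, types that mount or render an embedded payload, and types a
# lure name is likely to imitate.
EXECUTABLE_EXTS = {".lnk", ".msi", ".exe", ".scr", ".hta", ".js", ".vbs", ".cmd", ".bat", ".ps1"}
CONTAINER_EXTS = {".vhd", ".vhdx", ".iso", ".img", ".one"}
DECOY_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}

# Shell Link (.LNK) header: HeaderSize 0x0000004C followed by the LinkCLSID
# 00021401-0000-0000-C000-000000000046, both in on-disk little-endian layout.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")


@dataclass(frozen=True)
class Finding:
    member: str
    reason: str


def _extensions(name: str) -> list[str]:
    """'dir/Password.txt.lnk' -> ['.txt', '.lnk'] (lower-cased)."""
    base = name.rsplit("/", 1)[-1].lower()
    parts = base.split(".")
    return ["." + p for p in parts[1:]]


def inspect_member(name: str, head: bytes) -> list[str]:
    """Reasons an archive member looks like a lure; empty list if none."""
    reasons = []
    exts = _extensions(name)
    last = exts[-1] if exts else ""
    if last in EXECUTABLE_EXTS:
        if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
            reasons.append(f"double extension: shown as {exts[-2]} but runs as {last}")
        else:
            reasons.append(f"executable type {last}")
    if last in CONTAINER_EXTS:
        reasons.append(f"container {last} can carry a second-stage payload")
    # Name-independent check: a Shell Link header means Explorer treats the file
    # as a shortcut no matter what the sender named it.
    if head.startswith(LNK_MAGIC) and last != ".lnk":
        reasons.append("Shell Link header under a non-.lnk name")
    return reasons


def inspect_zip(data: bytes, depth: int = 0) -> list[Finding]:
    """Walk an in-memory ZIP and collect findings; nested ZIPs are opened one level down."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(LNK_MAGIC))
            for reason in inspect_member(info.filename, head):
                findings.append(Finding(info.filename, reason))
            if info.filename.lower().endswith(".zip") and depth < 1:
                for inner in inspect_zip(zf.read(info), depth + 1):
                    findings.append(Finding(f"{info.filename}!{inner.member}", inner.reason))
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample in the shape the summary describes; the bytes are placeholders, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Password.txt.lnk", LNK_MAGIC + b"\x00" * 32)        # the lure name from the post
        zf.writestr("Job Description.pdf", b"%PDF-1.4\n%placeholder\n")  # benign decoy
        zf.writestr("Readme.txt", LNK_MAGIC + b"\x00" * 32)              # shortcut hiding behind .txt
        zf.writestr("Project.vhd", b"\x00" * 64)                         # disk-image variant
    return buf.getvalue()


if __name__ == "__main__":
    for f in inspect_zip(build_sample_zip()):
        print(f"{f.member}: {f.reason}")
```

On the sample, Password.txt.lnk is flagged for the double extension, Readme.txt for carrying a Shell Link header under a text name, and Project.vhd as a container; the PDF decoy passes. A real gateway would add content checks for MSI (OLE compound file header) and OneNote, and would inspect what a VHD contains once mounted, but the name-versus-content split shown here is the check that catches the Password.txt.lnk trick on its own.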