Inside a North Korean Phishing Operation Targeting DevOps Employees

2024-10-29 SecurityScorecard

https://securityscorecard.com/blog/inside-a-north-korean-phishing-operation-targeting-devops-employees/


SecurityScorecard reports that a North Korean state actor attempted to compromise a DevOps engineer through a fake Web3 job offer on LinkedIn. The attacker used a compromised LinkedIn account belonging to a UK-based user to direct the target to a Bitbucket repository for a "skills test"; the Node.js application in that repository contained an obfuscated JavaScript backdoor. The repository mimicked an e-commerce Web3 and Solana project, included hardcoded MongoDB credentials, and reused a public key previously seen in related cryptocurrency-themed attacks on developers since early 2024. SecurityScorecard's STRIKE team linked the backdoor to command-and-control infrastructure at 147.124.214.129 and found evidence of additional affected tech workers in the United States, Pakistan, and Brazil.

Indicators of Compromise

Type   Value            First Seen   Last Seen
IPv4   147.124.214.129  2024-05-10   2026-02-03
