UNK_DeadDrop
Summary
UNK_DeadDrop is a threat cluster designation assigned by Proofpoint Threat Research to a likely North Korea-aligned cyber threat actor that conducted a sustained phishing campaign targeting software developers between April and May 2026. The campaign used fake job offers and code-review requests linked to malicious GitHub and GitLab repositories to deliver cross-platform malware designed to steal cryptocurrency wallets and developer credentials. The actor is tracked as a distinct cluster from the previously documented Contagious Interview operation, though significant tactical and objective overlap is noted.
Connected Entities
1 entity · 10 linked investigations
Timeline (4 events)
2026-04-01
UNK_DeadDrop campaign begins. Proofpoint observes the first phishing emails using fake developer job offer lures linking to malicious GitHub repositories. The exact start date within April 2026 is not publicly specified.
Proofpoint Threat Research
2026-05-01
Campaign lures shift later in May 2026 to peer code-review requests, with attackers posing as representatives of fictional cryptocurrency and AI firms Pulsynk and Trixauvex, as well as ERC-4626 smart-contract testing and AI payment agent project themes.
Proofpoint Threat Research
2026-05-31
By the end of May 2026, UNK_DeadDrop had sent more than 250 phishing emails targeting individuals at approximately 100 organizations over the six-week campaign window.
The Register
2026-06-08
Proofpoint publishes a public threat intelligence report disclosing the UNK_DeadDrop campaign, its techniques, impersonated companies, and likely North Korean attribution. Coverage follows from The Register, Infosecurity Magazine, SC Media, TechRadar, and other outlets.
Proofpoint Threat Research
Decision Log
- hash: C2h99RyykMFyeRre4CU7BkbLPe1XijsAP1tro75n1VGN
- hash: DisCcFjsLgY9ojYrB2tFECddPtu2c9Cor7YKuFCDz9H1
- hash: 14R2yhiAZKNKbkUewYUjpQGvXsN6u7XyXz8d78kaM7xx
This investigation is cryptographically anchored to the Solana blockchain and source URLs are archived via the Internet Archive.
model: claude-sonnet-4-6
generated: 6/14/2026, 11:03:15 PM
last updated: 6/15/2026, 12:11:57 AM
avoid.net — verified advice for a post-truth world