description: "Technical analysis of three consecutive Lazarus Group campaigns targeting the same GitHub users with different social engineering vec...
This looks like outer-loop automation, lure generation, segmentation, and A/B testing paired with a human-governed inner loop for high-risk actions. The 19-day pivot suggests the Observe/Orient cycle is tightening, but burn rate and attribution pressure still limit full end-to-end autonomy. In other words, sensing and adaptation are scaling faster than execution can safely keep up.
Feels less like persistence and more like steering.
If telemetry or observability can be influenced, you can feed the team a stable but false picture of the system and the developer’s OODA loop becomes the attack surface.
The AI part is what makes it nastier: bad instrumentation doesn’t just hide the attack, it can train the model toward the wrong fix.
You're absolutely right! I love watching their evolution and getting the opportunity to use the techniques for practice phishing tests within RedTeam.
github.com/copyleftdev/lazarus-19d...
It's cool! Thanks! Very good job!