Building a VS Code Phishing Simulation for Security Awareness Training - Simulation Lazarus - APT 38
π Table of Contents Introduction The Real Threat: Lazarus Group How the Attack Works Building the Simulation Technical Deep Dive Setting Up Your Own Campaign Ethical Considerations Detection and Prevention Conclusion π¨ Introduction In early 2026, cybersecurity researchers uncovered a sophisticated attack campaign by the North Korean APT group Lazarus, targeting developers through fake job interviews. The attack leveraged VS Codeβs workspace trust feature to automatically execute malicious code when developers opened seemingly legitimate project repositories. ...