Hyphen Connect A.I CyberSecurity Scoring
Hyphen Connect
Company Information
Website:https://www.hyphen-connect.com
Employees number:7
Number of followers:44,636
NAICS:5613
Industry Type:Staffing and Recruiting
Homepage:hyphen-connect.com
Hyphen Connect Risk Score (AI oriented)
Between 700 and 749
Hyphen ConnectStaffing and Recruiting
Updated:
08/06/2026
08/06/2026
733/1000
Moderate
Ba
Hyphen Connect Global Score (TPRM)
xxxx
Hyphen ConnectStaffing and Recruiting
Score locked

Hyphen ConnectModerate
Current Score
733Ba (MODERATE)
01000
1 incidents
-25 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
733
JUNE 2026
733
MAY 2026
733
APRIL 2026
756
Cyber Attack
01 Apr 2026 • Hyphen Connect
NXLog, OnePlan, Hypen Connect, Empower Pharmacy, Valon and Ondo Finance: Norks blast 250+ fake job offers to developers over 6 weeks to try and snarf creds and crypto
North Korean-Linked Phishing Campaign Targets Developers in Credential and Crypto Theft Scheme (UNK_DeadDrop)
731
CRITICAL-25
ONENXLHYPINOONDEMP1780957588
North Korean-Linked Phishing Campaign Targets Developers in Credential and Crypto Theft Scheme
A newly identified phishing campaign, tracked as UNK_DeadDrop and suspected to be linked to North Korea, has targeted over 250 individuals across nearly 100 organizations primarily in the U.S. between April and May 2024. The operation, uncovered by Proofpoint threat researchers, aims to steal developer credentials and cryptocurrency wallets through deceptive job offers and code review requests.
### Attack Methodology
The campaign begins with unsolicited emails spoofing legitimate companies, including Ondo Finance, Empower Pharmacy, NXLog, OnePlan, Hypen Connect, Valon, and Nourish. These messages offer fake roles such as "Full-Stack Engineer" or "Agent Lead Developer" and direct victims to malicious GitHub repositories disguised as coding assignments or cryptocurrency projects.
In May, the attackers shifted tactics, sending peer-review requests for open-source projects under the guise of companies like Pulsynk and Trixauvex, or soliciting Ethereum smart contract testing via Foundry. When victims open the repositories in VS Code or Cursor, a pre-configured task executes, deploying cross-platform malware on Windows, macOS, and Linux.
### Malware Execution & Payloads
- Linux & macOS: The malware uses a Go-based backdoor derived from the Overlord C2 framework, a legitimate red-team tool repurposed for malicious use. It includes modules for:
- Browser credential theft (Chrome, Firefox, and Chromium-based browsers).
- Cryptocurrency wallet exfiltration (MetaMask, Phantom, Exodus, Ledger Live, etc.).
- Anti-forensic cleanup to remove traces.
On macOS, the malware displays a fake system password prompt to escalate privileges, while on Linux, it uses Zenity for credential harvesting.
- Windows: The attack runs as JavaScript within VS Code’s Electron process, targeting 35 wallet extensions, 18 standalone wallets, and browser profiles. It installs Python-based stealers to extract credentials, cookies, and encrypted browser data, then exfiltrates them to attacker-controlled servers.
### Infrastructure & Evolution
Unlike previous North Korean-linked campaigns (e.g., Contagious Interview), UNK_DeadDrop relies on email-based phishing rather than social media, suggesting a scaled, industrialized approach. The attackers maintain distinct infrastructure, using GitHub repositories themed around cryptocurrency, exploits, AI payments, and Foundry testing to lure victims.
### Impact & Implications
The campaign highlights North Korea’s evolving cybercrime tactics, shifting from high-touch social engineering to large-scale phishing for financial gain. The use of legitimate tools (Overlord, Foundry, GitHub) and cross-platform malware underscores the growing sophistication of state-aligned threat actors targeting developers, financial services, and tech firms.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
MARCH 2026
756
FEBRUARY 2026
756
JANUARY 2026
756
DECEMBER 2025
756
NOVEMBER 2025
756
OCTOBER 2025
756
SEPTEMBER 2025
756
AUGUST 2025
756
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for Hyphen Connect ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in June 2026 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in May 2026 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in April 2026 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in March 2026 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in February 2026 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in January 2026 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in December 2025 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in November 2025 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in October 2025 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in September 2025 ??
What was Hyphen Connect's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on Hyphen Connect's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with Hyphen Connect ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view Hyphen Connect's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?