
North Korea Hackers Steal $300 Million via Fake Zoom Meetings

North Korean cybercriminals have executed a strategic pivot in their social engineering campaigns. They have stolen more than $300 million by impersonating trusted business figures in fake video conferences.

The warning, detailed by MetaMask security researcher Taylor Monahan (known as Tayvano), outlines a sophisticated "long con" targeting crypto executives.

How North Korea’s Fake Meetings Are Draining Crypto Wallets

According to Monahan, the campaign departs from recent attacks that relied on AI deepfakes.

Instead, it uses a simpler approach built on hijacked Telegram accounts and looped footage from real interviews.

The attack typically begins after the hackers seize control of a trusted Telegram account, often one belonging to a venture capitalist or to someone the victim previously met at a conference.

The attackers then exploit the prior chat history to appear legitimate, steering the victim to a Zoom or Microsoft Teams video call through a disguised Calendly link.

Once the meeting begins, the victim sees what appears to be a live video feed of their contact. In reality, it is often a recycled recording from a podcast or public appearance.

The decisive moment usually follows a manufactured technical problem.

After citing audio or video issues, the attacker urges the victim to restore the connection by downloading a particular script or updating a software development kit (SDK). The file delivered at that point contains the malicious payload.

Once installed, the malware, typically a Remote Access Trojan (RAT), gives the attacker full control of the machine.

It drains cryptocurrency wallets and exfiltrates sensitive data, including internal security procedures and Telegram session tokens, which are then used to target the next victim in the network.

Given this, Monahan warned that this particular vector weaponizes professional courtesy.

The hackers rely on the psychological pressure of a "business meeting" to force a lapse in judgment, turning a routine troubleshooting request into a fatal security breach.

For industry participants, any request to download software during a call should now be treated as an active attack signal.

This "fake meeting" method is part of a broader offensive by Democratic People's Republic of Korea (DPRK) actors, who have stolen an estimated $2 billion from the sector over the past year, including the Bybit breach.

The post North Korea Hackers Steal $300 Million via Fake Zoom Meetings appeared first on BeInCrypto.
