New Global Scam Uses Fake Meeting Links to Run PowerShell Malware
"The attack chain begins with spearphishing, which involves impersonating high-profile individuals, typically in the financial technology or legal industries. Masking behind these deepfaked identities, the hackers try to get their targets on a call using a fake meeting link."
"In the observed attack, the victim was sent what looked like a legitimate Calendly link. However, the meeting link in that Calendly invite used a typosquatted domain to redirect recipients to a fake Zoom or Microsoft Teams call."
"Once the target joins the call through the malicious call interface, the audio appears to stop working mid-call. The attacker-controlled call interface will, at this point, display a notification prompting the victim to update their video conferencing software development kit so the audio can continue."
BlueNoroff, a subgroup of North Korea's Lazarus Group, targets Web3 and cryptocurrency organizations using advanced social engineering, AI-generated deepfakes, and fileless PowerShell malware. Researchers identified over 100 victims across 20 countries, primarily founders and CEOs. The attack begins with spearphishing in which the attackers impersonate high-profile individuals to lure victims into fake meetings via typosquatted links. Once in the call, victims are tricked into executing malicious commands under the guise of fixing audio issues, which leads to credential theft.
Read at TechRepublic
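The typosquatted meeting link described above is something a mail or calendar gateway can triage before the recipient clicks. The following is an added example, not code from the article or the researchers: the allowlist, brand list, function names and sample hostnames are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist of genuine meeting/scheduling domains; tune per organization.
TRUSTED = ("zoom.us", "calendly.com", "microsoft.com")
BRANDS = ("zoom", "teams", "calendly", "microsoft")
URL_RE = re.compile(r"https?://[^\s<>\"')\[\]]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host):
    """Return 'trusted', 'lookalike' or 'unknown' for one hostname."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    labels = host.split(".")
    # Punycode labels can hide homoglyphs; outside the allowlist, flag them.
    if any(label.startswith("xn--") for label in labels):
        return "lookalike"
    # Naive registrable domain (last two labels); production code needs a public-suffix list.
    registrable = ".".join(labels[-2:])
    if any(edit_distance(registrable, d) <= 2 for d in TRUSTED):
        return "lookalike"
    # Brand name embedded in an unrelated domain, e.g. zoom.us.join-call.example
    if any(brand in label for brand in BRANDS for label in labels):
        return "lookalike"
    return "unknown"

def scan_invite(text):
    """Return (host, verdict) for each URL found in an invite body, in order."""
    hosts = [urlsplit(url).hostname or "" for url in URL_RE.findall(text)]
    return [(h, classify_host(h)) for h in hosts]

# Constructed sample invite; the hostnames are illustrative, not observed indicators.
SAMPLE_INVITE = """Schedule: https://calendly.com/constructed-user/intro
Join: https://zoorn.us/j/0000000000
Backup: https://zoom.us.join-call.example/teams"""

if __name__ == "__main__":
    for host, verdict in scan_invite(SAMPLE_INVITE):
        print(f"{verdict:10} {host}")
```

A "lookalike" verdict is a triage signal for review or link rewriting, not proof of malice; brand substrings in particular will produce false positives.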