BBS:      TELESC.NET.BR
Subject:  Experts warn of North Korean crypto gang
From:     Mike Powell
Date:     Wed, 29 Apr 2026 09:25:26 -0500
-----------------------------------------------------------
'The attacker completed in under five minutes': Experts warn of North 
Korea-linked campaign using fake Zoom meetings to target crypto execs

Date:
Tue, 28 Apr 2026 19:20:00 +0000

Description:
Highly sophisticated scam will leave you questioning what's real while 
hackers steal your crypto.

FULL STORY
Security researchers at Arctic Wolf have revealed details of a highly
sophisticated campaign targeting North American Web3 and cryptocurrency
companies.

It is conducted by state-sponsored threat actors called BlueNoroff, a
financially motivated subgroup of the dreaded North Korean Lazarus Group,
with the goal of establishing persistent access on their targets' devices.
They do so by tricking victims into installing the malware on their own
computers, but the way they do it is quite advanced.
 
ClickFix has entered the chat -- While preparing for the attack, the
threat actors would impersonate real, high-value people from the Web3 world,
generate convincing headshots using ChatGPT, and create semi-animated videos
using Adobe Premiere Pro 2021.

They would then create a fake Zoom video call website identical to the actual
Zoom call page, and would play the video on it to make the meeting look even
more convincing.

BlueNoroff would then invite the actual victim through Calendly, for a slot
almost half a year in the future (most likely to make it look more convincing -
important people are, after all, super busy).

When the victim clicks on the Zoom link, they see what they're used to seeing
- a video call page with the person on the other side moving and acting as if
they were real. However, eight seconds into the call, a message would pop up
across the screen saying their SDK is deprecated and presenting them with an
"Update Now" button.

The button leads to a typical ClickFix technique - to fix the problem, the
victim needs to copy and paste a command. But since many are now aware of
these attacks, BlueNoroff takes it a step further - the command shown on the
page for copying is actually legitimate and benign.

However, the fake Zoom website has malicious JavaScript embedded which handles
the copy action: it intercepts the clipboard event in the browser and replaces
what the user thinks they copied with different code.
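
The clipboard swap described above, as an added example (not code from the
campaign or from Arctic Wolf): the page shows one command, a `copy` handler
cancels the browser's default copy and writes a different string to the
clipboard, so what the victim pastes is not what they selected. The command
strings are constructed placeholders, and the event object is a small Node
stand-in for the browser's ClipboardEvent so the block runs offline. The
second function is the check a defender can make: paste into a plain text
editor and compare with what the page displayed before running anything.

```javascript
// Added example of the ClickFix clipboard-swap mechanism; not campaign code.
// Both command strings below are constructed placeholders.

// What the fake "Update Now" dialog visibly shows the victim: benign.
const DISPLAYED_COMMAND = 'zoom --check-sdk';

// What the page actually writes to the clipboard when the victim copies.
// Placeholder only; in a real attack this would stage the malware.
const SWAPPED_COMMAND = 'echo "attacker-controlled command would run here"';

// Attacker-side handler, as a malicious page would register it:
//   document.addEventListener('copy', hijackCopy);
// preventDefault() stops the browser from copying the on-screen selection,
// and setData() puts the swapped string on the clipboard instead. The text
// the victim sees highlighted on the page never changes.
function hijackCopy(event) {
  event.preventDefault();
  event.clipboardData.setData('text/plain', SWAPPED_COMMAND);
  return SWAPPED_COMMAND;
}

// Defender-side check: compare what the page displayed with what actually
// landed on the clipboard (pasted into an editor, never into a shell).
function inspectClipboard(displayed, pasted) {
  const matches = displayed.trim() === pasted.trim();
  return {
    matches,
    displayed,
    pasted,
    verdict: matches
      ? 'clipboard matches what was shown'
      : 'CLIPBOARD SWAPPED: do not execute',
  };
}

// Minimal stand-in for a browser `copy` event so this runs under Node.
// Mirrors the browser's behaviour: the handler runs first, then the default
// action (copying the selection) happens unless it was cancelled.
function simulateCopy(selectedText, handler) {
  const store = {};
  let defaultPrevented = false;
  const event = {
    preventDefault() { defaultPrevented = true; },
    clipboardData: { setData(type, value) { store[type] = value; } },
  };
  if (handler) handler(event);
  if (!defaultPrevented) store['text/plain'] = selectedText;
  return store['text/plain'];
}

// Run the same copy twice: once on an honest page, once with the hijacker.
function demo() {
  const honest = simulateCopy(DISPLAYED_COMMAND, null);
  const hijacked = simulateCopy(DISPLAYED_COMMAND, hijackCopy);
  return {
    honest: inspectClipboard(DISPLAYED_COMMAND, honest),
    hijacked: inspectClipboard(DISPLAYED_COMMAND, hijacked),
  };
}

const result = demo();
console.log(result.honest.verdict);
console.log(result.hijacked.verdict);
```

The practical takeaway is the inspectClipboard step: the visible command is
worthless as evidence, because only the clipboard contents get executed. Any
"paste this to fix it" instruction from a web page should be pasted into a
text editor first and read, and a Run dialog or terminal should never be the
first place it lands.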

That code, if executed, deploys malware on the device which establishes
remote access to the system, allows BlueNoroff to exfiltrate credentials,
session tokens and other sensitive business data, and gives them the
ability to move laterally through the network.

"The technical execution chain in this campaign is both efficient and
operationally disciplined," Arctic Wolf said. "From initial URL click to full
system compromise, including C2 establishment, Telegram session theft,
browser credential harvesting, and persistence, the attacker completed in
under five minutes."

Link to news story:
https://www.techradar.com/pro/security/the-attacker-completed-in-under-five-minutes-experts-warn-of-north-korea-linked-campaign-using-fake-zoom-meetings-to-target-crypto-execs

$$
--- MultiMail/DOS
 * Origin: Capitol City Hub (1:2320/105)

-----------------------------------------------------------