You've been muted...permanently. [Research Saturday]
6/6/202621 min
Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks. The research and executive brief can be found here: BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector Learn more about your ad choices. Visit megaphone.fm/adchoices
Clips
Transcript preview
First 90 secondsSpeaker 10:00
[intro jingle] You're listening to the CyberWire network, powered by N2K.
Maria Varmazis0:05
Do you know how the space and cybersecurity domains connect? T-Minus Space Cyber Briefing is your guide through the space-based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire, and I'm excited to share that T-Minus is back now as a weekly podcast, the T-Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together, space and cybersecurity. Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly internet-enabled. We're talking cybersecurity technologies, policies, and organizations that are securing the critical space-based infrastructure that powers, protects, and connects our lives here on Earth. So join me for T-Minus Space Cyber Briefing, new episodes every Sunday.
Dave Bittner· Host1:04
[gentle music] Maybe that's an urgent message from your CEO, or maybe it's a deep fake trying to target your business. Doppel is the AI native social engineering defense platform fighting back against impersonation and manipulation. As attackers use AI