NK’s Lazarus Group Targets Crypto Exec with Zoom Phishing Scheme

  • North Korea‘s Lazarus Group is escalating its crypto phishing tactics using fake Zoom calls, deepfakes, and Malware.
  • Kenny Li, co-founder of Manta Network, recently experienced an elaborate Zoom phishing attempt attributed to the Lazarus Group.
  • Security experts warn that North Korean Hackers have expanded their operations with multiple subgroups, targeting crypto executives worldwide.

Kenny Li, co-founder of Ethereum layer-2 project Manta Network, reported being targeted in a sophisticated Zoom phishing attempt allegedly orchestrated by North Korea‘s Lazarus Group. In a Twitter post on Thursday, Li described how attackers arranged a call where familiar faces appeared on camera but didn’t speak, followed by prompts to download malicious software to supposedly fix audio issues.

- Advertisement -

"I could see their legit faces. Everything looked very real," Li wrote, explaining that when he couldn’t hear anyone speaking, the fake Zoom interface prompted him to "download a script file" which he refused to do. When Li suggested switching to Google Meet to verify authenticity, the impersonator refused, deleted all messages, and blocked him.

While Li noted he wasn’t "certain" the attempt was specifically from Lazarus, security researchers confirmed the tactics matched the group’s known methods. Li suggested the attackers likely used either deepfakes or "recordings from previous calls where they infected/hacked the other people" to create the convincing video presence.

Evolving Tactics in North Korean Cyber Operations

This incident represents just one example of Lazarus Group’s expanding arsenal of crypto-focused attacks. Already implicated in February’s $1.4 billion Bybit hack, the North Korean state-backed unit has evolved its approach by combining deepfake technology, malware distribution, and sophisticated social engineering.

Research from Paradigm security researcher Samczsun and Google’s Threat Intelligence Group (GTIG) reveals that Lazarus is merely one component of North Korea’s comprehensive cyber operations. The regime now deploys multiple specialized Hacking subgroups including AppleJeus, APT38, and TraderTraitor.

Industry-Wide Warning Signs

- Advertisement -

Nick Bax of the Security Alliance (SEAL) issued a warning in March about this specific attack vector: "Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers." He described the identical playbook where victims see familiar faces, experience audio problems, and are directed to download malicious "fixes."

Similarly, Giulio Xiloyannis, co-founder of MON Protocol, shared his own encounter with the scheme. During what appeared to be a legitimate call, impersonators asked him to switch to a suspicious Zoom link. He became suspicious when he noticed faces from unrelated companies appearing on the call.

According to GTIG’s recent report, North Korean IT operatives are now infiltrating tech teams across the US, UK, Germany, and Serbia, using falsified credentials to gain insider access to cryptocurrency organizations. Security experts recommend basic defenses like two-factor authentication, device segregation, and contacting specialized security groups like SEAL 911 if a breach is suspected.

- Advertisement -

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -

Latest News

Shopify, Coinbase Launch USDC Payments; Mastercard Expands Crypto Access

Shopify and Coinbase allow merchants to accept USDC stablecoin payments, making crypto transactions easier...

Coinbase Launches Wrapped ADA and LTC on Base, COIN Hits New High

Coinbase has introduced wrapped versions of Cardano (ADA) and Litecoin (LTC) on its Ethereum...

ClickFix Attacks Surge 517% in 2025, Fake CAPTCHAs Spread Malware

ClickFix attacks using fake CAPTCHA verifications have risen by 517% in early 2025, according...

FHFA Orders Fannie, Freddie to Consider Crypto as Mortgage Collateral

The U.S. Federal Housing Finance Agency ordered Fannie Mae and Freddie Mac to consider...

Retail Investors Can Now Buy Tokenized Shares of SpaceX via Blockchain

Retail investors can now buy blockchain-based fractional shares in SpaceX through Republic. These digital tokens...

Must Read

Top 10 Best Cryptocurrency Lending Platforms

This article needs an update. Many of the platforms listed here have closed their doors.In this article, we are presenting the best cryptocurrency lending...