North Korean hackers used AI deepfakes to steal $659M in crypto

North Korean hackers from the notorious Lazarus group used AI deepfakes to impersonate company executives during a fake Zoom call, successfully tricking an employee at a cryptocurrency foundation into downloading malware. The sophisticated social engineering attack, orchestrated by the BlueNoroff unit, demonstrates how state-sponsored cybercriminals are weaponizing AI technology to target high-value cryptocurrency assets, with North Korea having stolen at least $659 million in digital currency in 2024 alone.

The attack methodology: The hackers initiated contact through Telegram, sending a Calendly link that redirected the victim to a fake Zoom domain under their control.
• During the group video call, multiple AI-generated deepfakes of senior company leadership and external contacts convinced the employee they needed to download a special Zoom extension to fix microphone issues.
• The malicious “extension” was actually macOS malware hosted on a lookalike domain at “https[://]support[.]us05web-zoom[.]biz.”
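The lookalike domain above has the brand name in the hostname but a registrable domain that is not Zoom's. The following check, added here as an example (not code from Huntress or the original article), triages pasted meeting links by that rule; the allowlist and the sample links are assumptions constructed for the demonstration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the registrable domains the real Zoom service uses.
# Extend this allowlist with the SaaS tools your organisation actually relies on.
LEGIT_ZOOM_DOMAINS = {"zoom.us", "zoom.com"}


def refang(url: str) -> str:
    """Undo common defanging (hxxp, [://], [.]) so the URL can be parsed."""
    return url.replace("[://]", "://").replace("[.]", ".").replace("hxxp", "http")


def registrable_domain(host: str) -> str:
    """Crude eTLD+1: last two labels. Fine for .us/.biz/.com, not for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_link(url: str) -> str:
    """Return 'legit', 'lookalike' or 'other' for a single meeting link."""
    host = urlsplit(refang(url)).hostname or ""
    if not host:
        return "other"
    if registrable_domain(host) in LEGIT_ZOOM_DOMAINS:
        return "legit"
    # Brand name present, but the domain the browser actually trusts is someone else's:
    # this is the shape of the fake support domain used in the incident.
    if re.search(r"zoom", host):
        return "lookalike"
    return "other"


def find_lookalikes(links):
    """Return only the links that impersonate the brand without being on its real domain."""
    return [u for u in links if classify_link(u) == "lookalike"]


# Constructed sample: links as they might be pasted into a chat or a defanged report.
SAMPLE_LINKS = [
    "https://us05web.zoom.us/j/1234567890",
    "https[://]support[.]us05web-zoom[.]biz",
    "https://zoom.us.meeting-login.example/j/5",
    "https://calendly.com/someone/30min",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):10s} {link}")
```

The third sample shows the other common trick, the real brand domain used as a subdomain of an attacker-controlled one; only the registrable domain decides.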

What the malware could do: Huntress, a cybersecurity company, recovered eight different malicious programs from the infected Mac; together they formed a comprehensive surveillance toolkit.
• The malware enabled keylogging (recording every keystroke), screen recording, and collection of cryptocurrency-related files.
• It specifically targeted Macs running Apple’s Arm-based chips and would silently install Rosetta 2 if needed to run older x86 programs.
• The attack effectively backdoored the victim’s system, giving hackers extensive access to sensitive information.

Why this matters: The incident highlights the evolving sophistication of North Korean cyber operations and the growing threat to macOS users.
• Remote workers are “often ideal targets” for these types of attacks, according to Huntress.
• “Over the last few years, we have seen macOS become a larger target for threat actors, especially with regard to highly sophisticated, state-sponsored attackers,” the cybersecurity vendor noted.

The bigger picture: This attack represents a significant escalation in social engineering tactics, combining AI deepfakes with traditional malware distribution methods to target the lucrative cryptocurrency sector.
• The Lazarus group’s BlueNoroff unit has become increasingly focused on cryptocurrency theft as part of North Korea’s broader cybercrime strategy.
• The use of AI-generated video calls marks a new frontier in deception technology, making it increasingly difficult for targets to distinguish between legitimate and malicious communications.

Zoom Call With 'Execs' Turns Out To Be North Koreans Using AI Deepfakes
