North Korean Hackers Deploy Malware Using Weaponized Calendly and Google Meet Links
gbhackers
The North Korean state-sponsored threat actor group, identified as TA444 (also known as BlueNoroff, Sapphire Sleet, and others), has unleashed a sophisticated malware campaign targeting cryptocurrency foundations.
This intricate attack, uncovered by Huntress, leverages weaponized Calendly links and deceptive Google Meet invitations to deliver a barrage of malicious payloads, specifically designed for macOS systems.
The group, notorious for cryptocurrency theft since at least 2017, employed deepfake technology and social engineering to trick victims into downloading a malicious Zoom extension, initiating a multi-stage intrusion with devastating consequences.

Sophisticated Social Engineering Tactics
The attack began with an employee at a cryptocurrency foundation receiving a seemingly innocuous Telegram message from an external contact requesting a meeting.
A Calendly link, disguised as a Google Meet event, redirected the victim to a fake Zoom domain controlled by the attackers.
Weeks later, during a group meeting featuring ...