North Korean Hackers Take Over Victims’ Systems Using Zoom Meeting

Security researchers tracking malicious hacker attacks from North Korea say a string of recent social engineering attacks targeting Zoom users is the handiwork of BlueNoroff, a Pyongyang APT that targets financial institutions.

The incidents follow a similar pattern, where the victim joins a Zoom Meeting but experiences audio issues and is instructed to execute malicious extensions or commands that would provide the attackers with full access to their systems.

One month ago, Ability AI founder and CEO Eugene Vyborov said he was targeted by such an attempt. After scheduling a meeting, the attackers sent a link that directed to a fake Zoom call that featured deepfake participants.

When Vyborov’s audio was not connecting, he was directed to a fake Zoom help page instructing him to run terminal commands to fix it.

“At that point, I stopped engaging. When I insisted on switching to Google Meet, they pushed back saying ...