Description: An alleged phishing scheme involving actors linked to North Korea used purported AI-generated deepfake videos of company executives to deceive a Web3 employee during a fake Zoom call. The target was reportedly tricked into installing macOS malware disguised as a "Zoom extension," leading to the deployment of spyware, a keylogger, and a crypto wallet stealer. The attackers reportedly used Telegram and spoofed Zoom domains to orchestrate the breach.
Editor Notes: See also Incident 644: Alleged State-Sponsored Hackers Escalate Purported Phishing Attacks Using Artificial Intelligence.
Entities
Alleged: Unknown voice cloning technology developers and Unknown deepfake technology developers developed an AI system deployed by North Korea, Lazarus Group, BlueNoroff and Government of North Korea, which harmed Zoom, Web3, Unnamed Web3 employee, Truth, National security and intelligence stakeholders, macOS users, Epistemic integrity and Cryptocurrency infrastructure.
Alleged implicated AI systems: Zoom, Unknown voice cloning technology, Unknown deepfake technology, Telegram, macOS and Cryptocurrency wallets
Incident Stats
Risk Subdomain
A further 23 subdomains create an accessible and understandable classification of hazards and harms associated with AI
4.3. Fraud, scams, and targeted manipulation
Risk Domain
The Domain Taxonomy of AI Risks classifies risks into seven AI risk domains: (1) Discrimination & toxicity, (2) Privacy & security, (3) Misinformation, (4) Malicious actors & misuse, (5) Human-computer interaction, (6) Socioeconomic & environmental harms, and (7) AI system safety, failures & limitations.
Malicious Actors & Misuse
Entity
Which, if any, entity is presented as the main cause of the risk
Human
Timing
The stage in the AI lifecycle at which the risk is presented as occurring
Post-deployment
Intent
Whether the risk is presented as occurring as an expected or unexpected outcome from pursuing a goal
Intentional
Incident Reports
Reports Timeline
A new cyber attack campaign by North Korea-linked group BlueNoroff has come to light, targeting a Web3 industry employee through deepfake Zoom calls and macOS malware. Security researchers say the incident reflects growing sophistication in…
Variants
A "variant" is an AI incident similar to a known case—it has the same causes, harms, and AI system. Instead of listing it separately, we group it under the first reported incident. Unlike other incidents, variants do not need to have been reported outside the AIID. Learn more from the research paper.
Similar Incidents
Selected by our editors