North Korea

Incidents involved as Deployer

Incident 11171 Rapport
North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

2025-06-22

An alleged phishing scheme involving actors linked to North Korea used purported AI-generated deepfake videos of company executives to deceive a Web3 employee during a fake Zoom call. The target was reportedly tricked into installing macOS malware disguised as a "Zoom extension," leading to the deployment of spyware, a keylogger, and a crypto wallet stealer. The attackers reportedly used Telegram and spoofed Zoom domains to orchestrate the breach.

North Korea

Incidents involved as Deployer

Incident 11171 RapportNorth Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

Related Entities Entités liéesAutres entités liées au même incident. Par exemple, si le développeur d'un incident est cette entité mais que le responsable de la mise en œuvre est une autre entité, ils sont marqués comme entités liées.

Entités liées

Lazarus Group

Incidents involved as Deployer

BlueNoroff

Incidents involved as Deployer

Unknown voice cloning technology developer

Incidents involved as Developer

Unknown deepfake technology developer

Incidents involved as Developer

Zoom

Affecté par des incidents

Incidents implicated systems

Web3

Affecté par des incidents

Unnamed Web3 employee

Affecté par des incidents

macOS users

Affecté par des incidents

Cryptocurrency infrastructure

Affecté par des incidents

Unknown voice cloning technology

Incidents implicated systems

Unknown deepfake technology

Incidents implicated systems

Telegram

Incidents implicated systems

macOS

Incidents implicated systems

Cryptocurrency wallets

Incidents implicated systems

Incident 11171 Rapport
North Korea-Linked Actors Allegedly Use AI Executive Deepfakes in Zoom Phishing Targeting Web3 Employee

Related Entities