North Korean Hackers’ Web3 Heist: A Comedy of Errors on Zoom and Telegram
North Korean threat actors are spicing up their cyber mischief with GhostCall and GhostHire campaigns, targeting Web3 and blockchain sectors. From fake Zoom calls to Telegram recruitment scams, they’re on a mission to infect systems faster than you can say “blockchain.” Apparently, hacking is a full-time job now.

Hot Take:
Move over Hollywood, North Korean cyber thugs are here with their own blockbuster: “GhostCall and GhostHire”! Why bother with sequels when real-world hacking sagas are more thrilling? These actors aren’t winning Oscars, but they sure are collecting data faster than you can say “malware.” This isn’t just another episode of Catfish; it’s a full-blown cyber soap opera with a global audience and an enthusiastic cast of unsuspecting victims!

Key Points:
- North Korean threat actors are targeting the Web3 and blockchain sectors via GhostCall and GhostHire campaigns.
- The campaigns are traced back to a Lazarus Group sub-cluster named BlueNoroff.
- GhostCall targets macOS devices, while GhostHire targets Web3 developers through Telegram.
- Malware includes AppleScripts, PowerShell commands, and payloads like DownTroy and CosmicDoor.
- Attackers use fake Zoom and Microsoft Teams calls to trick victims into downloading malicious software.
