TTPwire Vol. 1 · MITRE ATT&CK·Tagged

Infosecurity Magazine

North Korean Hackers Target Crypto Firms with ClickFix and AI-Made Zoom Lures

2026-04-28

ATT&CK techniques detected

4 predictions
T1566.002 Spearphishing Link
100%
“north korean hackers target crypto firms with clickfix and ai-made zoom lures a team of hackers associated to the north korean-linked lazarus group has conducted a large-scale cyber theft campaign targeting over 100 cryptocurrency organizations across more than 20 countries…”
T1566.002 Spearphishing Link
99%
“chain initiated through a typosquatted zoom meeting link delivered via a manipulated calendly calendar invite. when clicking the link, the victim was presented with a fake zoom meeting interface that covertly exfiltrated their live camera feed to use as a lure in future attacks, …”
T1657 Financial Theft
97%
“of a known fake conference campaign publicly attributed to bluenoroff by kaspersky and huntress. according to arctic wolf, bluenoroff is a subgroup of the lazarus group and is known under many aliases, including apt38, sapphire sleet, ta444, stardust chollima, cageychameleon and …”
T1555.003 Credentials from Web Browsers
51%
“chain initiated through a typosquatted zoom meeting link delivered via a manipulated calendly calendar invite. when clicking the link, the victim was presented with a fake zoom meeting interface that covertly exfiltrated their live camera feed to use as a lure in future attacks, …”

Summary

Arctic Wolf attributed this large-scale spear-phishing campaign to BlueNoroff, a financially motivated subgroup of the Lazarus Group