North Korean Hackers Target Firms With Fake Zoom Apps
North Korean hackers are targeting firms with fake Zoom applications, hijacking systems through deceptive video-conferencing setups. The attackers use LinkedIn to pose as business professionals, initiating contact under the guise of legitimate investment or partnership inquiries.
Once trust is established, the attackers invite victims to meetings hosted on spoofed domains resembling Zoom infrastructure, such as “zoom.usweb08.us”. They target executives and founders, often luring them into executing terminal commands during fake troubleshooting sessions.
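A defensive check for meeting links like the one quoted above, as an added example that is not part of the original report: it trusts a host only when it is a listed Zoom domain or a subdomain of one, and flags any other host that carries the brand name. The allowlist, the function names and the sample links (apart from the spoofed domain named in the article) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the domains your organisation accepts for Zoom meetings.
TRUSTED_ZOOM_DOMAINS = ("zoom.us", "zoom.com", "zoomgov.com")
BRAND = "zoom"

def split_host(link: str):
    """Return (netloc, hostname) in lower case, or ("", "") if unparsable."""
    link = link.strip()
    if "://" not in link:
        link = "https://" + link  # accept bare hostnames copied from invites
    try:
        parts = urlsplit(link)
    except ValueError:
        return "", ""
    host = (parts.hostname or "").rstrip(".")
    return parts.netloc.lower(), host

def is_trusted(host: str) -> bool:
    """True only for a trusted domain itself or a real subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_ZOOM_DOMAINS)

def classify_meeting_link(link: str) -> str:
    """Classify a link as 'trusted', 'lookalike', 'other' or 'invalid'."""
    netloc, host = split_host(link)
    if not host:
        return "invalid"
    if is_trusted(host):
        return "trusted"
    # The brand appears in the host or userinfo, but the registrable
    # domain is not Zoom's: the pattern the article describes.
    if BRAND in netloc:
        return "lookalike"
    return "other"

# Constructed sample links; only zoom.usweb08.us comes from the article.
SAMPLES = [
    "https://us02web.zoom.us/j/0000000000",
    "https://zoom.usweb08.us/j/0000000000",
    "https://zoom.us@meet.example.net/j/0000000000",
    "https://example.org/meeting",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_meeting_link(sample):10} {sample}")
```

The suffix match requires a leading dot, so a host such as `notzoom.us` is not mistaken for a subdomain of `zoom.us`.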
The malware mimics the Zoom interface, complete with participant tiles and chat functions. Victims encounter fabricated audio issues, prompting attackers to instruct them to run malicious commands.
The campaign’s infrastructure includes recently registered domains and encrypted messaging channels. Attackers use calendar bookings and urgent pre-meeting messages to increase pressure.
Researchers uncovered a coordinated effort involving repeated tactics across multiple targets, suggesting sophisticated planning.
Read the full report at: https://cybersecuritynews.com/north-korean-hackers-trick-users-with-weaponized-zoom-apps/
