Lazarus Group Uses Deepfakes in Phishing Attack on Manta Network Co-Founder

Manta Network co-founder Kenny Li recently disclosed a sophisticated phishing attack orchestrated by the notorious North Korean hacker group, Lazarus. The attack, which occurred during a Zoom video conference, involved the use of stolen real videos of team members to deceive Li into downloading malicious scripts. Li noted that the video quality was indistinguishable from that of an ordinary webcam, making it difficult to detect the deception initially. However, he became suspicious when the system prompted him to download a script file, at which point he immediately terminated the session.
Li attempted to verify the attacker's identity through Telegram but was met with resistance. The attacker swiftly deleted the conversation record and blocked Li, further raising his suspicions. This incident highlights the Lazarus Group's evolving tactics, which exploit the trust and familiarity that executives in the cryptocurrency industry have with their colleagues. The group capitalizes on the target's willingness to comply with sudden meeting requests and the fatigue caused by the constant influx of information.
Li's experience is not an isolated incident. Many industry insiders have reported encountering similar attacks, often involving requests to download a supposedly "business-only version" of Zoom. These attacks underscore the need for heightened vigilance, particularly when unexpected meetings or file downloads are involved. Li's disclosure serves as a critical reminder for professionals in the cryptocurrency sector to remain cautious and verify the authenticity of any sudden communication or file request, regardless of how legitimate it may appear.
The Lazarus Group's use of deepfake technology in phishing attacks represents a significant escalation in their tactics. By leveraging real face videos, the group can create highly convincing impersonations, making it difficult for targets to discern the deception. This method not only increases the likelihood of success but also exploits the trust that individuals have in their colleagues, making it a particularly insidious form of attack.
The incident involving Kenny Li and the Lazarus Group serves as a stark reminder of the evolving threats in the digital landscape. As technology advances, so do the methods employed by cybercriminals. The use of deepfake technology in phishing attacks highlights the need for enhanced security measures and increased awareness among professionals. It is crucial for individuals and organizations to stay vigilant and implement robust verification processes to protect against such sophisticated attacks.
