You've been muted...permanently. [Research Saturday]

You've been muted...permanently. [Research Saturday]

From CyberWire Daily by N2K Networks

June 6, 2026 · 21 min · Season 10 · Episode 428

About this episode

Ismael Valenzuela discusses a sophisticated campaign by the Lazarus Group's BlueNoroff targeting cryptocurrency executives through fake meetings and AI-generated deepfakes.

Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks. The research and executive brief can be found here: BlueNoroff Uses ClickFix…

People in this episode

Guest: Ismael Valenzuela

Topics covered

  • cybersecurity
  • North Korea
  • cryptocurrency
  • Web3
  • AI-generated deepfakes
  • threat intelligence

Keywords

  • BlueNoroff
  • Lazarus Group
  • cyber attacks
  • Zoom
  • Microsoft Teams
  • deepfakes
  • cryptocurrency
  • Web3
  • ClickFix
  • threat research

Mentioned in this episode

Organizations: Arctic Wolf, Lazarus Group, BlueNoroff, Microsoft Teams, Zoom

Books & works: BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector

Places: 20 countries

More episodes of CyberWire Daily

Explore listener stats, chart rankings, contacts and more on the CyberWire Daily podcast page.