![You've been muted...permanently. [Research Saturday]](https://megaphone.imgix.net/podcasts/89c30a52-6102-11f1-a2c4-532fdc889140/image/95b72a93c2ffaf8ff900d662a9bd3735.png?ixlib=rails-4.3.1&max-w=3000&max-h=3000&fit=crop&auto=format,compress)
You've been muted...permanently. [Research Saturday]
From CyberWire Daily by N2K Networks
June 6, 2026 · 21 min · Season 10 · Episode 428
About this episode
Ismael Valenzuela discusses a sophisticated campaign by the Lazarus Group's BlueNoroff targeting cryptocurrency executives through fake meetings and AI-generated deepfakes.
Ismael Valenzuela, Arctic Wolf’s VP of Labs, Threat Research and Intelligence, discusses their work on "BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector." Arctic Wolf researchers uncovered a sophisticated campaign by North Korean threat group Lazarus Group subgroup BlueNoroff that targets cryptocurrency and Web3 executives through fake Zoom and Microsoft Teams meetings, using typo-squatted links, ClickFix-style attacks, and AI-generated deepfakes to steal credentials and cryptocurrency-related data. The attackers built a self-reinforcing operation that captures victims’ webcam footage and Telegram sessions, then repurposes those assets alongside AI-generated images to create increasingly convincing fake meeting participants for future attacks. Researchers identified more than 100 victims across 20 countries, with the campaign primarily targeting CEOs, founders, investors, and senior leaders in the cryptocurrency, blockchain, and financial sectors as part of a long-running effort to steal digital assets and gain access to high-value networks. The research and executive brief can be found here: BlueNoroff Uses ClickFix…
People in this episode
Guest: Ismael Valenzuela
Topics covered
- cybersecurity
- North Korea
- cryptocurrency
- Web3
- AI-generated deepfakes
- threat intelligence
Keywords
- BlueNoroff
- Lazarus Group
- cyber attacks
- Zoom
- Microsoft Teams
- deepfakes
- cryptocurrency
- Web3
- ClickFix
- threat research
Mentioned in this episode
Organizations: Arctic Wolf, Lazarus Group, BlueNoroff, Microsoft Teams, Zoom
Books & works: BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector
Places: 20 countries
More episodes of CyberWire Daily
- The court calls Google’s bluff. · June 11, 2026 · 31 min
- The patch pile reaches new heights. · June 10, 2026 · 32 min
- A checkmark for trust, a payload for theft. · June 9, 2026 · 27 min
- Meta’s recovery plan needed recovery. · June 8, 2026 · 29 min
- Spoofing ships, jamming drones: how GPS manipulation confuses and compromises. [T-Minus: Space-Cyber Briefing] · June 7, 2026 · 27 min
- The NSA gets an AI upgrade. · June 5, 2026 · 32 min
Explore listener stats, chart rankings, contacts and more on the CyberWire Daily podcast page.