todayonchain.com

How North Korean Hackers Turn Deepfake Zoom Calls Into Crypto Heists

BeInCrypto
North Korean-linked hackers are using deepfake video calls on Zoom to trick victims in the crypto sector into running malware, enabling significant digital asset theft.

Summary

A North Korea-nexus threat actor, identified as UNC1069, is evolving its social engineering tactics by integrating AI-enabled lures, specifically deepfake video calls, into attacks targeting the cryptocurrency sector. Mandiant investigated an intrusion where attackers used a compromised Telegram account to contact a FinTech victim, eventually setting up a fake Zoom meeting. During this call, the victim reportedly saw a deepfake video of another company's CEO. The attackers then created audio issues as a pretext to instruct the victim to run troubleshooting commands, which secretly deployed multiple malware families designed to steal credentials, browser cookies, and session information, aiming for crypto theft and future intelligence gathering. This incident aligns with a broader trend, as North Korean groups were responsible for $2.02 billion in stolen digital assets in 2025, and AI tools are making convincing deepfakes increasingly accessible.

(Source: BeInCrypto)