"Hello? I can’t hear you": Investigating UNC1069’s Fake Meeting Tactics
We expanded our research into the recent UNC1069 campaign, which targets individuals by luring them into fraudulent meetings hosted by fake companies. Our analysis focuses on the diverse attack chains employed by the threat actors, as well as the scale and sophistication of their supporting infrastructure.
Key Points
- UNC1069 is a North Korean actor targeting cryptocurrency and Web3 professionals to facilitate financial theft.
- The group operates through fabricated corporate identities, engaging victims via platforms such as LinkedIn and Telegram with tailored partnership proposals. Victims are then invited to join fraudulent meetings hosted on platforms impersonating Zoom, Google Meet, or Microsoft Teams.
- These fake meeting environments are used not only to compromise victims' systems, but also to capture video and voice recordings, which are later reused in subsequent social engineering efforts.
- The attackers rely heavily on social engineering techniques, including ClickFix-style prompts and …
IoC