North Korean Hacker Group Bluenoroff Attempts Hacking Attack via Zoom

2025-07-02, CriminalIP
https://www.criminalip.io/knowledge-hub/blog/28728
#BlueNoroff

On June 25, 2025, David Zhang, co-founder of the stablecoin platform Stably and the public grant protocol dTRINITY, revealed a highly sophisticated phishing attack in a post on X (formerly Twitter).
Unlike traditional phishing that simply lures victims into clicking malicious links, this attack used social engineering techniques that impersonated a trusted contact by hijacking their account. The attacker pushed a fake Zoom meeting and delivered malware disguised as a Zoom installation file. When Zhang hesitated, the attacker insisted on using Zoom and refused alternatives like Google Meet—indicating a well-prepared attack scenario.
This article details the full attack process and demonstrates how Criminal IP was used to trace the phishing domain and identify the associated threat infrastructure, ultimately uncovering the hacking group behind the campaign.
Zoom-themed Phishing with a Fake Meeting Request
The attacker initiated contact by proposing a collaboration between zkVerify and a DeFi protocol, requesting a virtual meeting. On the day of …