These North Korean phishers just don't stop
These North Korean phishers just don't stop, I managed to get another fun one today, this one was interesting because they hijacked a known contact 🧵
This all started when I met Joel in Hong Kong during Consensus
We didn't talk for months, it was just a fun conversation, we didn't have anything to follow up on
After the attacker compromised the account, they tried to warm up the lead again with an unassuming request. I was busy that month so I scheduled the meeting for 1 month later, and the hackers patiently waited
They send a real-looking Zoom subdomain link, but the actual hyperlink, if you look, links to a phishing site
Anytime I suggest Google Meet, they find an excuse to avoid it
The site itself looks clean and has no obvious red flags unless you're pixel peeping
It instantly downloads a pkg when you visit the site
Eventually …