Zoom & doom: BlueNoroff call opens the door

2025-06-20, FieldEffect
https://fieldeffect.com/blog/zoom-doom-bluenoroff-call-opens-the-door
#BlueNoroff

By Field Effect
With contributions from Daniel Albrecht, Sean Alexander, Elena Lapina.
Key findings
The Field Effect Analysis team has been investigating an incident involving a Canadian online gambling provider, where a threat actor employed social engineering tactics to take control of a victim’s computer and deploy infostealer malware.
We believe this is part of a targeted social engineering campaign leveraging both trusted contact impersonation and brand (Zoom) impersonation, with convincingly spoofed domains targeting operational workflows that prioritize speed and routine.
While multiple sources have reported on similar activity over the past month, our team identified a distinct set of indicators of compromise (IoCs) through additional investigations.
Given the unique findings, we opted to share our insights to contribute to the broader understanding of this activity. We believe, based on our findings and previous reports on similar activity, the threat actor may be …

IoC
