North Korean hackers attack crypto professionals through associated individuals and AI-generated video content

The state hacker group Lazarus Group, also known as BlueNoroff, is intensifying operations against professionals in the cryptocurrency industry by utilizing advanced artificial intelligence technologies to create convincing video calls. Unlike traditional phishing attacks, hackers target connected individuals of the victim—acquaintances, colleagues, or people whom users consider reliable sources of information. This social engineering tactic significantly increases the likelihood of a successful attack, as victims are more likely to trust advice from their contacts.

How crypto scammers operate: attack mechanisms

A specific case shared by Martin Kučara, co-founder of BTC Prague, provides a clear understanding of modern attack methods. Hackers compromise Telegram user accounts, using them to initiate video calls to potential victims. In these conversations, attackers pose as acquaintances or support service specialists, complaining about technical sound issues in Zoom.

The next step is convincing the victim to download a "plugin to fix audio," which is actually malicious software. The user may not even suspect that they are installing code that grants hackers full control over their device. Researchers from Huntress noted that this attack scenario often targets macOS systems, which have traditionally been considered less vulnerable.

Lazarus Group and BlueNoroff: an in-depth source analysis

The SlowMist blockchain security service and Huntress analysts independently confirmed the origin of these attacks. The characteristic features of the malicious code—including backdoor installation, activation of keyboard spies, and clipboard content theft—clearly indicate Lazarus Group’s operational methods.

Crypto professionals and blockchain developers are a clear focus of these actions. Hackers deliberately target connected individuals within the victim’s circle to gain access to encrypted wallets and confidential information. Researchers speculate that the attackers have accumulated detailed profiles on individual members of the crypto community, enabling them to effectively choose attack vectors.

The threat of deepfakes and the need to reformat security

With the development of AI-generated voice and video synthesis technologies, traditional methods of verifying a person's authenticity—including voice and appearance—are becoming unreliable. Even a "live" video call no longer guarantees the authenticity of the interlocutor.

To protect their digital assets, crypto professionals should implement multi-factor authentication across all critical platforms. It is recommended not to rely solely on facial recognition when receiving requests to install software, even if the request comes from connected individuals. The industry should consider implementing hardware security keys and other independent verification methods to safeguard crypto wallets.

Thus, the continuous adaptation of the North Korean hacker group to new technologies significantly increases the risk level for the entire crypto community.