North Korea’s Lazarus Is Targeting Crypto Executives With Zoom Calls
North Korean crypto hackers are taking phishing scams to new levels. Through GhostCall and GhostHire, they now use AI, hacked footage, and realistic impersonations to infiltrate the Web3 space more effectively than ever before.
North Korean crypto hackers are refining a familiar scam. They once relied on fake job offers and investment pitches to spread malware — now their methods are becoming more sophisticated.
Previously, these attacks depended on victims interacting directly with infected files. But tighter coordination among hacker groups has allowed them to overcome this weakness, using recycled video calls and impersonations of Web3 executives to deceive targets.
North Korea — A Crypto Hacking Pioneer
North Korean crypto hackers are already a global menace, but their infiltration tactics have significantly evolved.
Whereas these criminals used to only seek employment in Web3 firms, they’ve been using fake job offers to spread malware more recently. Now, this plan is expanding again.
According to reports from Kaspersky, a digital security firm, these North Korean crypto hackers are employing new tools.
BlueNoroff APT, a sub-branch of Lazarus Group, the most feared DPRK-based criminal organization, has two such active campaigns. Dubbed GhostCall and GhostHire, both share the same management infrastructure.
Novel Tactics Explained
In GhostCall, these North Korean crypto hackers will target Web3 executives, posing as potential investors. GhostHire, on the other hand, attracts blockchain engineers with tempting job offers. Both tactics have been in use since last month at the latest, but the threat has been increasing.
Whoever the target is, the actual scam is the same: they trick a prospective mark into downloading malware, whether it be a phony “coding challenge” or a clone of Zoom or Microsoft Teams.
Either way, the victim only needs to engage with this trapped platform, at which point the North Korean crypto hackers can compromise their systems.
Kaspersky noted a series of marginal improvements, like focusing on crypto developers’ preferred operating systems. The scams have a common point of failure: the victim has to actually interact with suspicious software.
This has harmed previous scams’ success rate, but these North Korean hackers have found a new way to recycle lost opportunities.
Turning Failures into New Weapons
Specifically, the enhanced coordination between GhostCall and GhostHire has enabled hackers to improve their social engineering. In addition to AI-generated content, they can also use hacked accounts from genuine entrepreneurs or fragments of real video calls to make their scams believable.
One can only imagine how dangerous this is. A crypto executive might cut off contact with a suspicious recruiter or investor, only to have their likeness later weaponized against new victims.
Using AI, hackers can synthesize new “conversations” that mimic a person’s tone, gestures, and surroundings with alarming realism.
Even when these scams fail, the potential damage remains severe. Anyone approached under unusual or high-pressure circumstances should stay vigilant—never download unfamiliar software or engage with requests that seem out of place.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
Tharimmune’s $545 Million Initiative Speeds Up Blockchain Integration Among Institutions
- Tharimmune raised $545M via private placement led by DRW/Liberty City to build a Canton Coin treasury and develop institutional blockchain applications. - Funds will acquire Canton Coins, operate Super Validator nodes, and expand the Canton Network connecting Goldman Sachs , BNP Paribas, and DTCC. - Stock surged 120% post-announcement as Canton Foundation's first public investment and institutional backing from Deutsche Bank/HSBC highlight blockchain adoption trends. - Strategic leadership changes and $3
XRP News Today: Institutions Show Confidence in Ripple's Blockchain Ambitions Even as XRP Remains Unstable
- Ripple’s $40B valuation from a low-participation buyback reflects investor confidence in its regulatory clarity and expansion. - Partnerships with Mastercard and WebBank on RLUSD settlements highlight Ripple’s institutional credibility and blockchain innovation. - XRP faces short-term volatility, with analysts warning of potential 10% declines but some predicting 600% long-term outperformance over Bitcoin . - Strategic asset retention and ecosystem growth position Ripple as a key player in reshaping cryp
DeFi Faces Stability Challenge: USDX Redemption Issues Reveal Underlying Systemic Risks
- Whale investor 0xe454 spent $800,000 to buy 933,241 USDX tokens during its 2025 depeg to $0.3887, betting on recovery. - Redemption delays for both recent and prior 1.4M USDX purchases raised concerns over protocol stability and liquidity risks. - Lista DAO's emergency vote (LIP 022) aims to liquidate USDX positions amid 800% borrowing rates, mirroring 2025 xUSD collapse risks. - Experts warn cross-collateralized DeFi structures amplify systemic risks, urging stronger collateral diversification to preven
Fed’s QE Strategy: Could AI Mania Lead to a Repeat of the 1999 Bubble?
- Billionaire Ray Dalio warns Fed's shift to QE risks inflating an AI-driven bubble akin to 1999's dot-com crash. - He criticizes reinvesting MBS proceeds into Treasury bills as monetizing debt while cutting rates amid large fiscal deficits. - Analysts highlight risks of reduced T-bill supply, lower yields, and repo market strains from Fed's $15B/month Treasury demand. - AI sector valuations and corporate earnings will test Dalio's concerns as November inflation data and PMI reports approach.
Trending news
MoreCrypto prices
More
