Google subsidiary security firm: “North Korean hackers are attacking the crypto industry with deepfakes and fake Zoom meetings”

A Google-owned cybersecurity firm warned that North Korean hacking groups are expanding phishing attacks targeting the virtual-asset (cryptocurrency) industry by using AI deepfakes and fake video meetings. The targets appear to be spreading across the broader virtual-asset sector.

On the 10th (local time), crypto-focused media outlet Decrypt, citing a report released by Google-owned cybersecurity firm Mandiant, reported that North Korean hackers are carrying out sophisticated social-engineering attacks using AI technology. They use deepfake videos and fake Zoom meetings to deceive victims.

According to the report, the North Korean hackers are broadly targeting not only software companies and developers but also venture capital firms, fintech companies, and employees and executives at virtual-asset companies. In particular, they are using video conferences disguised as job interviews or business meetings to deliver malicious files or steal account information.

Mandiant noted that such attacks are harder to detect than traditional phishing emails or malicious links and have a higher likelihood of success. The use of deepfake videos that mimic real people’s faces and voices makes it harder for victims to recognize the attack.

The report recommended that virtual-asset and fintech firms strengthen security verification procedures for video-meeting invitations, file sharing, and new-hire recruiting processes. It stressed the need for particular caution regarding executing files delivered from external sources and requests for account authentication.

North Korean hacking groups are known to have long been involved in hacking and stealing funds from crypto exchanges, DeFi protocols, and blockchain companies. The security industry believes that the spread of AI technology could further sophisticate such attacks.