A new AI-enabled social engineering scam has been uncovered and attributed to the North Korean hacking group UNC1069. This sophisticated operation, which has been active since 2018, employs deepfake technology to deceive individuals in the cryptocurrency sector.
According to a report from Google, the hackers utilize a compromised account to send a fake Zoom link through a calendar invite to an unsuspecting target. Upon joining the meeting, victims encounter a deepfaked impersonation of a CEO from another cryptocurrency company, who feigns technical difficulties and instructs them to execute harmful commands on their devices.
This scam is notable for its use of seven new malware families, designed to create backdoors and deploy data miners on compromised systems. Google highlights that the group's tactics may serve both to facilitate cryptocurrency theft and to enhance future social engineering efforts by exploiting victims' identities and data.
While the account linked to UNC1069 has been terminated, the group's previous use of the Gemini platform for developing malicious tools illustrates the ongoing threat posed by cybercriminals employing advanced technologies.