Zoom Remote Feature Exploited in North Korean Crypto Theft Operations

Attackers tracked as Elusive Comet group.


North Korean threat actors have distributed information-stealing payloads to cryptocurrency traders and venture investors by exploiting the Zoom remote collaboration feature.

Separate advisories from the non-profit Security Alliance (SEAL) and cybersecurity research firm Trail of Bits, reported by SecurityWeek, disclosed how Pyongyang hackers posing as VC investors have been caught sending phishing lures with Calendly links to Zoom meetings.

Tracked as Elusive Comet, the attackers lure targets into sharing their screen and then use Zoom to seek control over the target's computer. Once a target approves remote access, an infostealer or a remote access trojan is deployed, said the SEAL alert.

Another report from cybersecurity consulting company Trail of Bits showed the attack technique being leveraged by threat actors masquerading as Bloomberg producers on X, who lured the firm's CEO for an interview regarding cryptocurrency.
Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
