Key theft through malicious links… Damage exceeds $300 million
);)
The cybersecurity nonprofit SEAL Security Alliance announced on the 14th that North Korean hackers are continuing their attacks using fake Zoom meetings as bait to spread malware. Security researcher Taylor Monahan warned that this technique has so far resulted in over $300 million (KRW 441.99 billion) in losses.
According to Monahan, the attack begins with a Telegram message from someone the victim knows. The hacker pretends to be friendly and initiates a conversation, then suggests a Zoom meeting and shares a link beforehand. The link uses real-life recorded videos or publicly available footage, making it difficult for the victim to identify the person.
Once the meeting begins, the hacker uses audio issues as an excuse to send a patch file. Upon execution, malware is installed on the device. The hacker then ends the meeting and disconnects, suggesting a rescheduled meeting.
Immediate action was also emphasized in the event of clicking a malicious link. Monahan advised that if a suspicious file is executed, users should immediately disconnect from Wi-Fi, shut down the device, transfer cryptocurrency to a new wallet using a different device, and change all passwords. He also explained that two-factor authentication should be enabled and infected devices should only be reused after a full factory reset.
Telegram account security was particularly highlighted as a key concern. Hackers use compromised Telegram accounts to launch additional attacks on stored contacts. Monahan emphasized that all sessions should be terminated in Telegram settings, passwords should be changed, and multi-factor authentication should be implemented.
"If you suspect your Telegram account has been hacked, it's important to let those around you know immediately," Monahan said. "Silence can lead to further victimization."
Reporter Jeong Ha-yeon yomwork8824@blockstreet.co.kr
