Daily Crypto News & Musings

Manta Co-Founder Escapes Lazarus Group’s Sophisticated Zoom Phishing Attack

Manta Co-Founder Thwarts Lazarus Group’s Cunning Zoom Phishing Assault

Kenny Li, the co-founder of Manta Network, an Ethereum layer-2 project, barely escaped a sophisticated phishing attempt by the infamous Lazarus Group. This incident showcases the escalating threat posed by North Korean hackers to the crypto industry, using advanced tactics like deepfakes and social engineering.

  • Kenny Li targeted by Lazarus Group
  • Zoom phishing used with deepfakes and social engineering
  • Li avoids trap, highlighting growing North Korean cyber tactics

The Lazarus Group, notorious for their Hollywood-level production in cybercrime, nearly tricked Kenny Li with a fake Zoom meeting. Li shared his experience, saying, “Just got targeted by Lazarus. A known contact on TG reached out to me to ask for a chat. Scheduled a Zoom call. When I got on the Zoom, it asked me for camera access which I found a bit odd because I have used Zoom many times.” The attackers manipulated the audio and then prompted Li to download a supposed fix. Li, wary of such tricks, refused and suggested switching to Google Meet, a move the impersonator quickly rejected. Li remarked, “Lazarus social engineering is getting pretty good,” underscoring the group’s deceptive prowess.

The Lazarus Group, part of North Korea’s broader cyber campaign, employs a diverse set of tactics. Their toolkit includes not just phishing but also deepfakes, malware, and the art of tricking people into giving away information, known as social engineering. These methods are part of a larger effort by North Korea, with subgroups such as AppleJeus, APT38, and TraderTraitor using various strategies to target the cryptocurrency sector. Their audacity was on full display during the staggering $1.4 billion Bybit hack in February.

Security experts have sounded the alarm. Nick Bax from the Security Alliance (SEAL) warned, “Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.” Meanwhile, Samczsun, a researcher at Paradigm, emphasized the ongoing danger, stating, “DPRK hackers are an ever-growing threat against our industry.”

The incident with Li and the broader context of North Korean cyber operations highlight the need for vigilance and robust security measures within the cryptocurrency community. Ethereum layer-2 projects, which aim to enhance the scalability and efficiency of the Ethereum blockchain, are particularly at risk due to their burgeoning importance. Manta Network, with its focus on scaling and privacy solutions, represents the kind of innovation that attracts not just legitimate interest but also malicious attention.

As the crypto industry continues to expand, the need for enhanced security protocols becomes ever more critical. The FBI has even issued a public service announcement, urging private sector entities to block transactions with specific Ethereum addresses linked to North Korean hackers, a practical step toward safeguarding assets.

The crypto community, from newcomers to seasoned veterans, must stay informed and proactive. Understanding terms like “deepfakes”—manipulated videos that appear real—and “social engineering”—the art of tricking people into divulging confidential information—is crucial. These are the tools of modern cyber warfare, and knowledge is the first line of defense.

While the promise of decentralization, freedom, and disrupting the status quo drives the crypto revolution forward, the dark side of this landscape requires constant vigilance. The Lazarus Group’s attempt on Kenny Li is a chilling reminder that in the world of Bitcoin, cryptocurrencies, and blockchain, the stakes are high, and the threats are real.

Key Takeaways and Questions

  • What happened to Kenny Li?

    Kenny Li was targeted by North Korea’s Lazarus Group in a Zoom phishing attempt in which hackers used familiar faces and manipulated audio to try to trick him into downloading a malicious script.

  • How did Kenny Li avoid the phishing attempt?

    Li avoided the trap by refusing to download the script and suggesting a switch to Google Meet, which the impersonator refused.

  • What tactics does the Lazarus Group use?

    The Lazarus Group uses deepfakes, malware, social engineering, and various other cyber tactics to deceive their targets.

  • What other groups are part of North Korea’s cyber campaign?

    Other groups involved include AppleJeus, APT38, and TraderTraitor, each employing different hacking strategies.

  • What recent hack was linked to the Lazarus Group?

    The Lazarus Group was linked to the $1.4 billion Bybit hack in February.

  • What advice was given to protect against such attacks?

    Security experts advised adopting basic defenses, least-privilege access, 2FA, and device segregation, and contacting groups like SEAL 911 in the event of a breach.

  • What broader implications does this have for the cryptocurrency industry?

    The incident underscores the growing sophistication and threat of North Korean hackers to the crypto industry, necessitating robust cybersecurity measures and vigilance among industry participants.

“Just got targeted by Lazarus. A known contact on TG reached out to me to ask for a chat. Scheduled a Zoom call. When I got on the Zoom, it asked me for camera access which I found a bit odd because I have used Zoom many times.” – Kenny Li

“Lazarus social engineering is getting pretty good.” – Kenny Li

“Having audio issues on your Zoom call? That’s not a VC, it’s North Korean hackers.” – Nick Bax

“DPRK hackers are an ever-growing threat against our industry.” – Samczsun