Manta co-founder Kenny Li escaped an attempted phishing attack launched by North Korean state-affiliated cyber attackers, the Lazarus group.
Revealing details about how the hackers approached him, Li wrote on X, “A known contact on TG reached out to me to ask for a chat. Scheduled a Zoom call. When I got on the Zoom, it asked me for camera access, which I found a bit odd because I have used Zoom many times.” However, unlike other phishing attacks where the hackers don’t show their real faces, “the team members had their cameras on. I could see their legit faces. Everything looked very real. But I couldn’t hear them. It said my Zoom needs an update. But it asked me to download a script file.”
Although the impersonators had their cameras on and everything looked legitimate, Li was suspicious because there was no sound and because he was prompted to download a script. To test his suspicion, the co-founder asked the impersonator to verify themselves on Telegram, but they did not comply. Following this request, the bad actors erased all the messages and blocked him.
Nonetheless, Li managed to capture a screenshot of a part of the conversation where he asked the intruder to move over to Google Meet.
Li further believes that the live video was a recording of a past meeting of real members, as it didn’t seem AI-generated. The co-founder stated that the quality of the video was the usual webcam quality.
Interestingly, many others who were approached the same way by what seems to be the Lazarus group commented on Li’s tweet and shared their own experiences.
Advising the crypto community, Li stated, “The biggest red flag will always be a downloadable. Whether it’s in the form of an update, an attachment, app, or anything else, if you need to download something in order to continue something with the person on the other side, don’t do it.”