**North Korean Hackers Upping Their Game with AI-Generated Video Malware**

In a shocking escalation of cyber threats, North Korean hackers have been using artificial intelligence-generated video to deliver malware on both macOS and Windows operating systems. A recent report by Mandiant reveals the sophisticated tactics employed by these state-sponsored groups to target organizations in the cryptocurrency sector.

The malicious campaign, attributed to the group tracked as UNC1069, involves a combination of compromised Telegram accounts, fake Zoom calls, deepfake videos, and multiple malware strains. The attack begins with a phishing email or message sent from a compromised account of a CEO or other high-ranking executive, inviting the victim to a Zoom call.

However, instead of a legitimate meeting, the victim is lured into a spoofed Zoom conference hosted on the threat actor's infrastructure – zoom[.]uswe05[.]us. The hackers then use AI-generated video to impersonate the CEO, claiming that the victim's audio is not working and that they need to fix it.
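As an added example (not from Mandiant's report or the original article), here is one way a defender could flag meeting links like the spoofed host above. It treats any link that carries the Zoom name but does not sit under a trusted Zoom parent domain as suspicious. The allow-list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allow-list of genuine Zoom parent domains; adjust to your tenant.
TRUSTED_ZOOM_DOMAINS = ("zoom.us", "zoom.com", "zoomgov.com")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def refang(text):
    """Undo common defanging so reported indicators parse like live links."""
    return re.sub(r"hxxp", "http", text.replace("[.]", "."), flags=re.IGNORECASE)


def is_trusted(host):
    """True only for a trusted domain itself or a subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_ZOOM_DOMAINS)


def suspicious_zoom_links(message):
    """Return hosts of links that use the Zoom name outside trusted domains."""
    hits = []
    for url in URL_RE.findall(refang(message)):
        parts = urlsplit(url.rstrip(".,;)"))
        host = (parts.hostname or "").rstrip(".").lower()
        # Check the whole authority so "zoom.us@other.host" is also caught.
        branded = "zoom" in parts.netloc.lower()
        if host and branded and not is_trusted(host) and host not in hits:
            hits.append(host)
    return hits


# Constructed sample messages; only the defanged host comes from the article.
SAMPLES = [
    "Join here: https://us05web.zoom.us/j/0000000000",
    "Audio fix call: hxxps://zoom[.]uswe05[.]us/j/0000000000",
    "Backup link https://zoom.us@meeting.example/j/1",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(suspicious_zoom_links(msg) or "ok", "<-", msg)
```

The suffix comparison is what matters here: a substring match on "zoom" alone would accept the spoofed host, while matching only the registered parent domain rejects it.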

As part of this ruse, the victim is presented with a "solution" that supposedly resolves the non-existent issue. In reality, this solution unleashes a barrage of malware, including WAVESHAPER, HYPERCALL, HIDENCALL, SUGARLOADER, SILENCELIFT, DEEPBREATH, and CHROMEPUSH.

These malicious tools form a multi-stage infection chain that enables persistence, credential harvesting, browser data theft, and long-term access. The attackers' ultimate goal is to steal valuable cryptocurrency assets from their victims.

The use of AI-generated video in these attacks marks a significant escalation in the tactics employed by North Korean hackers. This sophisticated approach allows them to create convincing deepfakes that can evade even the most advanced security measures.

UNC1069 is not a widely recognized threat actor, and its true identity remains unclear. However, the group's advanced techniques and state backing suggest a high level of sophistication and resources.

The cryptocurrency sector has long been a prime target for North Korean hackers, with many high-profile heists attributed to state-sponsored groups such as Lazarus. These attacks have enabled the country to fund its weapons program and state apparatus through stolen crypto assets.

As the threat landscape continues to evolve, it is essential for organizations in the cryptocurrency sector to stay vigilant against these emerging threats. By understanding the tactics employed by North Korean hackers, businesses can better prepare themselves to defend against these sophisticated attacks.
