Zoom & doom: BlueNoroff call opens the door

Key findings
The Field Effect Analysis team has been investigating an incident involving a Canadian online gambling provider, where a threat actor employed social engineering tactics to take control of a victim’s computer and deploy infostealer malware.
We believe this is part of a targeted social engineering campaign leveraging both trusted contact impersonation and brand (Zoom) impersonation, with convincingly spoofed domains targeting operational workflows that prioritize speed and routine.

While multiple sources have reported on similar activity over the past month, our team identified a distinct set of indicators of compromise (IoCs) through additional investigations.

Given the unique findings, we opted to share our insights to contribute to the broader understanding of this activity. Based on our findings and previous reports on similar activity, we believe the threat actor may be associated with the advanced persistent threat (APT) group BlueNoroff.

To read the complete article see: Zoom & doom: BlueNoroff call opens the door

This post is licensed under CC BY 4.0 by the author.