PULSE NAME
BlueNoroff Uses ClickFix, Fileless PowerShell, and AI-Generated Fake Zoom Meetings to Target Web3 Sector
WHITE Lazarus PetrP.73 2026-04-30 Modified: 2026-05-30
42 IOCs, MEDIUM VOLUME
BlueNoroff, a financially motivated subgroup of North Korea's Lazarus Group, recently carried out a series of sophisticated cyberattacks against the Web3/cryptocurrency sector. The attacks used innovative techniques, including fileless PowerShell methods and social engineering tactics such as impersonating respected individuals in the fintech space to deliver manipulated invites to fake Zoom meetings.
Indicators of Compromise (6 / 42 total)