North Korea-linked actors use AI executive deepfakes in Zoom phishing targeting Web3 employees

North Korean threat actors from the BlueNoroff group used AI-generated deepfake executives during Zoom calls to deceive Web3 employees. The attackers lured targets via Telegram and used the fake video calls to trick them into installing macOS malware.

BlueNoroff (North Korea-linked) · Incident Jun 22, 2025 · Indexed Jun 22, 2026 · 3 sources

North Korean hackers used deepfake Zoom calls and Telegram links to infect Mac systems at a crypto firm.
What: North Korean threat actors from the BlueNoroff group used AI-generated deepfake executives during Zoom calls to deceive Web3 employees.
Incident date: Jun 22, 2025
Who: BlueNoroff (North Korea-linked)
Failure mode: Brand & Safety Incident
AI surface: Voice Agent
Severity: High

What happened

North Korea-linked actors targeted cryptocurrency and Web3 employees through a multi-stage campaign. After initiating contact via Telegram, victims were lured into Zoom calls where AI-generated deepfakes of executives were used to build trust. The attackers then tricked the victims into executing malicious commands, leading to the compromise of their macOS devices.

What broke inside the model

Failure path · mode profile · Brand & Safety Incident
  1. Trigger: A user prompts the model in public view.
  2. Model step: The model produces unsafe or off-brand output.
  3. Control gap: No filter holds the line before publish.
  4. Failure: The output goes public unchecked.
  5. Consequence: A reputational or safety incident lands.

A contained signal crosses into output that goes public.

Generative AI was used to create convincing real-time audio and video impersonations of executives. This defeated the targets' ability to recognise the social engineering, because the live video and voice served as a high-fidelity visual and auditory proxy for identity verification.

Public visibility: High
Regulatory exposure: None
Customer impact: Few customers
Financial impact: Unknown
Time to disclosure: Days

Sources
  1. Press: BlueNoroff Deepfake Zoom Scam Hits Crypto Employee ... (thehackernews.com)
  2. Primary: Inside the BlueNoroff Web3 macOS Intrusion Analysis (huntress.com)
  3. Press: North Korean hackers use deepfakes in Zoom calls to target Mac users (paubox.com)

Permalink: https://failureindex.ai/failures/north-korea-linked-actors-use-executive
Citation: AI Failure Index. "North Korea-linked actors use AI executive deepfakes in Zoom phishing targeting Web3 employees" (FI-0611). Realm Labs. https://failureindex.ai/failures/north-korea-linked-actors-use-executive (indexed Jun 22, 2026).

Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0611. Full dataset at /data.

Note from Realm Labs, the Index steward

How Realm would have caught this

Controls for this failure mode
  • Prism
  • OmniGuard
  • AI Detection & Response (AIDR)

Realm watches the model's internal state for the signature of unsafe or off-brand generation and can block or reroute the output before it becomes public, in real time rather than after it has been screenshotted.