Lazarus Group针对Manta Network联合创始人Kenny Li，基于Zoom的社会工程攻击

拉撒路集团是朝鲜相关的网络犯罪集团，试图黑客网络联合创始人肯尼·李（Kenny Li）。袭击是由

A North Korea-affiliated cybercrime syndicate, known as Lazarus Group, attempted to scam Manta Network co-founder Kenny Li in a new phishing attempt.

朝鲜附属的网络犯罪集团被称为拉撒路集团（Lazarus Group），试图在新的网络钓鱼尝试中骗曼塔网络联合创始人肯尼·李（Kenny Li）。

According to a recent report by TokenPost, the hackers contacted Li on Telegram, posing as a trusted contact who had arranged a Zoom meeting on April 17.

根据Tokenpost的最新报告，黑客在Telegram上与Li联系，认为是一个值得信赖的联系人，他于4月17日安排了Zoom会议。

During the call, Li noticed several strange prompts, including a request for camera access and a script file download, which raised his suspicions. As a result, he deleted their messages and left the meeting, only to discover later that the contact had blocked him.

在通话中，李注意到了几个奇怪的提示，包括访问摄像机的请求和脚本文件下载，这引起了他的怀疑。结果，他删除了他们的信息并离开了会议，只是发现接触阻止了他。

This experience highlights a growing trend of Zoom-based attacks against members of the crypto community, which have been linked by cybersecurity experts to the Lazarus Group, who have been exploiting vulnerabilities in Web3 infrastructure.

这种经历强调了对加密社区成员的基于变焦的攻击的日益增长的趋势，这些攻击已由网络安全专家与Lazarus集团联系起来，Lazarus集团一直在利用Web3基础架构中的漏洞。

How Lazarus Exploits Zoom for Crypto Scams

拉撒路如何利用Zoom进行加密骗局

The attack on Li involved a fake Zoom call with pre-recorded footage from previous meetings, that was probably obtained by compromising team members’s email accounts. The audio was not working and familiar faces were shown, mimicking a legitimate meeting, before a prompt to download a script file appeared.

对李的攻击涉及一个假缩放电话，其中包括先前会议的预录录像，这可能是由于损害团队成员的电子邮件帐户而获得的。在提示下载脚本文件之前，音频没有工作，并显示了熟悉的面孔，模仿了合法的会议。

This tactic is similar to what has been previously reported about Zoom scams. For instance, SlowMist conducted an investigation last year that found hackers were using fake Zoom interfaces to trick users to download malware. These malicious files steal system data, browser cookies and cryptocurrency wallet credentials and send them to the remote server of the attackers.

这种策略类似于以前报道的有关变焦骗局的策略。例如，Slowmist去年进行了一项调查，发现黑客正在使用假缩放界面来欺骗用户下载恶意软件。这些恶意文件窃取系统数据，浏览器cookie和加密货币钱包凭据，并将其发送到攻击者的远程服务器。

In another instance, a user from Vow | ContributionDAO had a nearly identical experience on April 18, when an attacker, pretending to be part of a blockchain team, demanded a specific Zoom link. However, when the user suggested switching to Google Meet, the attackers disappeared.

在另一种情况下，来自Vow的用户|贡献者在4月18日的经验几乎相同，当时一名攻击者假装是区块链团队的一部分，要求有特定的变焦链接。但是，当用户建议切换到Google见面时，攻击者消失了。

As these attacks become increasingly sophisticated, members of the crypto community are raising alarm. These scams can become very convincing when they are made using deepfake technology or pre-recorded footage.

随着这些攻击变得越来越复杂，加密社区的成员正在引起警报。当使用Deepfake技术或预录录像制作时，这些骗局可能会变得非常令人信服。

KiloEx Recovers $7.5M After Separate Exploit

Kiloex单独利用后恢复了750万美元

In a separate development, decentralized exchange KiloEx has recovered $7.5 million after being hacked.

在另一个发展中，分散的交易所Kiloex被黑客入侵后已收回了750万美元。

The DeFi protocol announced on Wednesday that the attacker returned the funds, stolen four days earlier, after they reached an agreement on a bounty deal.

DEFI协议周三宣布，袭击者在达成赏金协议的协议后，在四天前被盗的资金退还了资金。

The exploit was due to a manipulated price oracle, a known vulnerability of decentralized finance platforms. KiloEx had enlisted the help of several cybersecurity firms, including SlowMist and Sherlock to trace the attack.

漏洞利用是由于价格甲骨文的操纵，这是分散融资平台的已知漏洞。 Kiloex邀请了几家网络安全公司的帮助，包括Slowmist和Sherlock来追踪袭击。

After the exploit, KiloEx temporarily suspended operations and is still deciding whether to pursue legal action against the hacker. The incident also serves as a stark reminder that vulnerabilities in smart contracts and oracles remain prime targets for cybercriminals in the DeFi sector.

漏洞利用后，Kiloex暂时暂停了行动，并且仍在决定是否针对黑客采取法律诉讼。该事件还提醒人们，智能合约和甲骨文中的脆弱性仍然是Defi行业网络犯罪分子的主要目标。