The Daily Raptor
Friday, June 20, 2025 Edition
Every edition of The Daily Raptor arrives like a feral cat in a cowboy outfit asking thoughtful questions in your forecast call — no one knows how it got the Zoom link, but now they’re running the meeting.
Cybersecurity Sales Teams: Consider us your covert sales briefing — unsupervised, unnervingly honest, & powered by espresso and spite.
Distribute at your own risk: dailyraptor.com
Important Midweek Threat Update
North Korea, why are you in my Zoom meeting?
While there is much we could discuss in this midweek issue, we are highlighting a critical threat to our CIO/CISO clients. This threat actor has a deep history of blending social and technical capabilities to compromise large organizations with highly sensitive data. A new wave of state-sponsored cyberattacks from North Korea’s BlueNoroff/APT38 group is targeting tech, financial, and cryptocurrency companies via fake Zoom meetings. The objective: socially engineer victims into installing malware under the guise of fixing audio issues during video calls.
The attack chain is simple—yet highly effective:
Impersonate a venture capitalist, business partner, or prospect on LinkedIn
Move the conversation to Telegram or WhatsApp
Send a Zoom invite under urgent circumstances
Simulate audio issues mid-call
Persuade the victim to download a “fix” (malware)
These attacks have already led to confirmed cryptocurrency thefts exceeding millions of USD.
This marks a sharp evolution in state-sponsored threat tactics: combining AI-generated personas, deepfake video/audio, and classic malware deployment, bypassing both technical defenses and employee judgment.
Who's Being Targeted
Cryptocurrency companies and exchanges
Fintech and financial services firms
Tech companies and cybersecurity vendors
Finance or treasury personnel
Business development and investor relations roles
Recommended Interventions
Social and Behavioral Controls
Require external meeting confirmation from official company email domains
Train staff to spot red flags: urgency, platform switching, and unexpected software download requests
Standardize on approved video conferencing platforms only
Validate new business contacts using multiple communication channels
Encourage incident reporting without fear of blame or punishment
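One way to back the "approved video conferencing platforms only" rule with a check that a mail gateway or chat bot could run on links from external contacts. This is an added example, not code from The Daily Raptor; the APPROVED_DOMAINS list, the function names, and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organization's own list of approved conferencing domains.
APPROVED_DOMAINS = ("zoom.us",)

def check_invite_url(url):
    """Return (allowed, reason) for a meeting link sent by an external contact."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not https"
    if not host:
        return False, "no host"
    if parts.username is not None or parts.password is not None:
        # https://zoom.us@other-host/ displays the brand but connects elsewhere
        return False, "userinfo in URL"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host (possible homoglyph)"
    for domain in APPROVED_DOMAINS:
        # Exact match or a true subdomain; a bare suffix match would pass notzoom.us
        if host == domain or host.endswith("." + domain):
            return True, "approved: " + domain
    return False, "host not on approved list"

# Constructed sample links (not taken from any real campaign).
SAMPLES = [
    "https://us02web.zoom.us/j/1234567890",
    "https://zoom.us.meeting-support.example/j/1234567890",
    "https://zoom.us@meeting-support.example/j/1234567890",
    "https://notzoom.us/j/1234567890",
    "http://zoom.us/j/1234567890",
]

def triage(urls):
    """Return only the links that must not be opened, with the reason."""
    return [(u, reason) for u in urls
            for ok, reason in [check_invite_url(u)] if not ok]

if __name__ == "__main__":
    for url, reason in triage(SAMPLES):
        print("BLOCK", url, "->", reason)
```

A link that passes this check is only on an approved platform; the contact behind it still needs the multi-channel validation listed above.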
Technical Controls
Deploy Endpoint Detection and Response (EDR) with behavioral analytics
Use application allowlisting to block unauthorized executables and scripts
Assign isolated devices or virtual machines for high-risk external calls
Enforce phishing-resistant multi-factor authentication across financial systems
Segment treasury and cryptocurrency-related networks from broader infrastructure
Enable browser isolation for finance and crypto personnel
Conduct regular social engineering simulations and red-team testing
Maintain forensic readiness with command logging and centralized telemetry
Why This Matters for You
This attack campaign marks a clear shift in cyber risk—from phishing emails to immersive, human-driven deception. For cybersecurity sales professionals, this is a prime opportunity to:
Lead with threat intelligence that isn’t theoretical. This is a state-sponsored campaign happening now—targeting real companies using real-world platforms like LinkedIn, Telegram, and Zoom.
Elevate the conversation with CIOs and CISOs by connecting your solution to a nation-state threat that blends social engineering with malware—something firewalls, email filters, and even VPNs can’t stop alone.
Position your offerings (EDR, isolation, identity protection, behavioral security, etc.) as relevant countermeasures to advanced social engineering and insider compromise.
Speak to the business impact: These attackers are going after financial systems, cryptocurrency wallets, and sensitive data—which means the risk is not just technical, it’s monetary, reputational, and operational.
For CIOs/CISOs, this threat underscores the need to:
Reassess planned projects: ensure pending investments align with priorities, organizational risks, and operational resilience
Evaluate the security of human workflows, not just technology stacks
Assess exposure in video conferencing, LinkedIn outreach, and BYOD scenarios
Prioritize resilience against targeted deception, not just opportunistic phishing
This isn’t just about stopping malware. It’s about protecting trust, decision-making, and the people behind the keyboard.
CIO Everyone Should Know: Aleta Jeffress
We're excited to introduce a new feature in The Daily Raptor—"CIO Everyone Should Know"—spotlighting exceptional leaders shaping the future of IT across government and enterprise landscapes. These are the people who not only influence major technology decisions but also serve as valuable connectors, mentors, and thought partners.
Today, we're proud to introduce Aleta Jeffress, a standout executive with a proven track record leading complex IT operations in both the private sector and the public domain. Her blend of strategic vision and operational excellence makes her someone worth knowing—and learning from.
Whether you're looking for a fresh perspective, a potential mentor, or a collaborative sounding board, Aleta is someone you’ll want in your professional orbit.
→ Connect with Aleta Jeffress on LinkedIn or drop her a note via LinkedIn Messaging.

Aleta was named among the 2021 Top 100 Women in Technology by Technology Magazine, recognized for her groundbreaking contributions in cybersecurity and technological innovation. As a public-sector CIO at both state and local government levels, she successfully developed multiple advanced cybersecurity programs and teams to combat threats and secure government environments against sophisticated threat actors.
Sales Leaders:
As June draws to a close, sales leaders are finalizing agendas for their upcoming leadership QBRs and summer half-annual sales kick-offs. Aleta’s deep expertise also extends to sales advising—guiding teams in effectively engaging senior security and technology professionals and clearly articulating complex cybersecurity solutions. She is available for select speaking engagements with cybersecurity sales teams during July, August, and September, offering impactful insights and practical guidance. Aleta Jeffress uniquely addresses these forums' strategic priorities—her extensive experience directly aligns with current objectives such as driving revenue growth, enhancing cybersecurity preparedness, and leading digital transformation. Her insights will empower sales leaders to sharpen their team’s approach to complex customer conversations and technology-driven opportunities.
Highlight Achievements:
Successfully secured critical security operations teams to combat sophisticated cyber threats.
As the CIO, Aleta created and maintained advanced cybersecurity programs for the City of Aurora and the Indiana Department of Revenue.
Led strategic digital transformation initiatives at CGI, driving a remarkable 20% revenue growth.
As the former CEO, she significantly expanded partnerships at the National Cybersecurity Center (NCC), enhancing cybersecurity readiness across multiple sectors.
Managed multimillion-dollar federal technology and cybersecurity contracts early in her career.
Recognized among the "Top 100 Women in Technology" by Technology Magazine for her exceptional leadership and influence.
This is a unique opportunity to bring in a senior executive to coach and guide our sellers on how to optimize our communication and messaging paths and how to deliver strategic value to executives responsible for large, sophisticated IT operations. We encourage everyone to take the time to reach out to Aleta and introduce yourself via LinkedIn.
Also, Ivy claims AI is now impersonating her. We’re not sure. There are still a few noteworthy differences…
—The DR Team
/smb


