Lazarus Hackers Target Canadian Gambling Firm via Zoom Scam

A sophisticated cyberattack linked to North Korea’s notorious Lazarus Group has once again struck the Canadian gambling industry. This time, a Zoom-based social engineering scam targeted an unnamed Ottawa-based online gambling firm—marking a new escalation in cyber threats within gaming.

What happened:

• The attackers, operating under the Lazarus subgroup BlueNoroff, orchestrated a fake "Zoom audio repair" during a scheduled crypto-related call.

• Believing they were receiving IT support, the victim downloaded malicious software—unwittingly installing a Trojan infostealer that siphoned browser history, credentials, and sensitive system data Daily Press+4VegasSlotsOnline+4CDC Gaming+4.

Why it matters:

• It's not just about money; attackers are aiming to gather valuable personal data and crypto-assets.

• The incident exposes the vulnerability of gambling firms to advanced social engineering attacks, even with remote meeting precautions in place .

Expert insights:

• Security firm Field Effect reported that this is part of a wider campaign first observed in March 2025, suggesting that crypto organizations must maintain heightened cybersecurity vigilance VegasSlotsOnline.

• The Lazarus Group’s history includes major cyber heists, including a $1 billion bank heist in 2016—a stark reminder of their capabilities VegasSlotsOnline.

  
  

What MapleWins suggests for operators & players:

1. Never run downloads during unverified Zoom sessions—especially “repair tools.”

2. Enforce multi‑factor authentication (MFA) across all critical systems.

3. Train staff on spotting phishing and deepfake scams—even within secure workflows.

4. Conduct regular pen-testing and hire cybersecurity firms to audit remote-connection protocols.