North Korean Hacker Group Bluenoroff Attempts Hacking Attack via Zoom

2025-07-02 Criminal IP

https://www.criminalip.io/knowledge-hub/blog/28728


Criminal IP describes a targeted Zoom-themed phishing attempt against David Zhang, co-founder of Stably and dTRINITY. The attacker impersonated a trusted contact, proposed a DeFi collaboration meeting, and, as part of the social-engineering script, refused Google Meet and steered the victim toward Zoom. The phishing link led to a site that automatically downloaded a malicious Zoom.pkg installer (a macOS package). Domain analysis found anonymous registration on May 14, 2025 and hosting through HOSTWINDS, with an associated 23.254.247.XX address that Criminal IP linked to Lazarus and Bluenoroff infrastructure. The article attributes the incident to Bluenoroff on circumstantial grounds: the infrastructure overlap, a cryptocurrency-sector executive as the target, and the group's known focus on financially motivated operations. Infrastructure details included RDP exposed on port 3389 and TLS (SSL) certificate pivots that were used to identify additional malicious infrastructure.
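The lure in this report is an installer named Zoom.pkg served from a domain that is not Zoom's and that had been registered only weeks earlier. The following detection sketch is an added example, not code from Criminal IP or from the report: it runs over constructed proxy log lines and flags Zoom-branded installer downloads whose domain falls outside an assumed allow-list of Zoom's own domains (zoom.us, zoom.com), escalating when a constructed registration-date lookup shows the domain was registered shortly before the download. The log format, the phishing domain and the registration table are all hypothetical.

```python
"""Flag Zoom-branded installer downloads served from non-Zoom domains.

Added example, not from the Criminal IP report. The log lines, the phishing
domain and the registration-date table are constructed for illustration.
"""
import re
from datetime import date
from urllib.parse import urlparse

# Assumption: domains Zoom actually serves installers from; extend per environment.
ZOOM_DOMAINS = {"zoom.us", "zoom.com"}
INSTALLER_EXTS = (".pkg", ".dmg", ".exe", ".msi")
NRD_WINDOW_DAYS = 60  # domains registered within this window count as newly registered

# Constructed proxy log lines: "<ISO timestamp> <user> <url> <content-type>"
SAMPLE_LOGS = [
    "2025-06-20T14:02:11Z alice https://zoom.us/client/latest/Zoom.pkg application/octet-stream",
    "2025-06-20T14:05:43Z bob https://zoom-meeting-setup.example/download/Zoom.pkg application/octet-stream",
    "2025-06-20T14:06:02Z bob https://zoom-meeting-setup.example/ text/html",
    "2025-06-20T14:10:19Z carol https://cdn.zoom.us/prod/latest/ZoomInstallerIT.pkg application/octet-stream",
    "2025-06-20T14:12:55Z dave https://meet.google.com/abc-defg-hij text/html",
]

# Constructed WHOIS results for the hypothetical domain; the date mirrors the
# registration date the report gives for the real phishing domain.
REGISTRATION_DATES = {"zoom-meeting-setup.example": date(2025, 5, 14)}

LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels). Enough for the sample data; use a public
    suffix list (e.g. tldextract) in production to handle co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def looks_like_zoom_installer(path: str) -> bool:
    """True when the URL's file name carries the Zoom brand and an installer extension."""
    name = path.rsplit("/", 1)[-1].lower()
    return "zoom" in name and name.endswith(INSTALLER_EXTS)


def analyze(lines, reg_dates=REGISTRATION_DATES, window_days=NRD_WINDOW_DAYS):
    """Return one finding per Zoom-branded installer fetched from a non-Zoom domain."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed format
        ts, user, url, _ctype = m.groups()
        parsed = urlparse(url)
        if not parsed.hostname or not looks_like_zoom_installer(parsed.path):
            continue
        domain = registrable_domain(parsed.hostname)
        if domain in ZOOM_DOMAINS:
            continue  # served by the vendor itself
        reasons = ["zoom-branded installer served from non-Zoom domain"]
        event_day = date.fromisoformat(ts[:10])
        reg = reg_dates.get(domain)
        if reg is not None and 0 <= (event_day - reg).days <= window_days:
            reasons.append(f"domain registered {(event_day - reg).days} days before download")
        findings.append({"timestamp": ts, "user": user, "domain": domain, "url": url, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOGS):
        print(f["timestamp"], f["user"], f["domain"], "; ".join(f["reasons"]))
```

On the endpoint side, the complementary check before running any such package on macOS is `pkgutil --check-signature Zoom.pkg`, which shows whether the installer carries a valid developer signature and whose; an unsigned package, or one signed by anyone other than the expected vendor, should not be installed.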