These North Korean phishers just don't stop
2025-06-25 • dazhengzhang
The archived thread describes North Korean phishers hijacking a known contact's account and using the existing relationship to re-engage a target after an earlier in-person meeting. The attackers sent Zoom-themed links that appeared to be legitimate Zoom subdomains but redirected to phishing infrastructure, declined to switch to Google Meet, and used a fake Zoom call page with pre-generated participant video. Visiting the site triggered an immediate package download, and a later prompt asked the target to install a supposed Zoom SDK before the attackers rapidly deleted the chat history. The body does not provide a malware family or a full IOC set, but it highlights account compromise, trusted-contact abuse, meeting-platform impersonation, and evidence suppression as practical social-engineering tradecraft.
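As an added example (not from the archived thread), a small link-triage helper of the kind a mail or chat security control could apply to meeting invites: it flags a brand name placed in a subdomain of an untrusted registrable domain, a redirect chain that leaves the meeting platform, and a link that lands directly on an installer. The trusted-domain allowlist, the minimal suffix handling and the sample URLs below are assumptions and constructed values.

```python
from urllib.parse import urlparse

# Registrable domains that legitimately serve Zoom meeting links (assumption: adjust per tenant).
TRUSTED_MEETING_DOMAINS = {"zoom.us", "zoom.com"}
# Minimal multi-label suffix handling; production code should use the Public Suffix List.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# File extensions that indicate a link lands on an installer rather than a meeting page.
INSTALLER_EXTS = (".pkg", ".dmg", ".exe", ".msi", ".zip")


def registrable_domain(host):
    """Return the registrable (apex) domain of a hostname, e.g. 'us02web.zoom.us' -> 'zoom.us'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def brand_in_subdomain(host, brand="zoom"):
    """True when the brand name sits left of the registrable domain (lookalike-subdomain pattern)."""
    host = host.lower()
    prefix = host[: len(host) - len(registrable_domain(host))].rstrip(".")
    return brand in prefix


def assess_meeting_link(url, redirect_chain=()):
    """Triage a meeting invite link.

    url: the link as received; redirect_chain: URLs observed after following
    redirects, in order, final landing URL last (empty if the link did not redirect).
    Returns (verdict, findings) where verdict is 'allow' or 'block'.
    """
    urls = [url, *redirect_chain]
    hosts = [urlparse(u).hostname or "" for u in urls]
    first, final = hosts[0], hosts[-1]
    findings = []
    if urlparse(url).scheme != "https":
        findings.append("not-https")
    if registrable_domain(first) not in TRUSTED_MEETING_DOMAINS:
        if brand_in_subdomain(first):
            findings.append("brand-in-subdomain")  # e.g. zoom.us.<attacker-controlled domain>
        findings.append("untrusted-origin")
    if len(urls) > 1 and registrable_domain(final) not in TRUSTED_MEETING_DOMAINS:
        findings.append("redirects-off-platform")
    if urlparse(urls[-1]).path.lower().endswith(INSTALLER_EXTS):
        findings.append("lands-on-installer")
    return ("block" if findings else "allow"), findings
```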