A finance worker at the firm fell victim to an AI-driven deepfake scam during a video conference call in which attackers impersonated the CFO and other colleagues with flawless synthetic voices and video. Tricked by the hyper-realistic simulation, the employee authorized an urgent transfer of over US$25 million to a fraudulent supplier account. The attack exploited human behavior rather than technical vulnerabilities, bypassing encryption and authentication systems by manipulating the employee under pressure. The incident highlights the rising threat of AI-enhanced social engineering, where traditional awareness training fails to prevent real-time deception. The funds were likely unrecoverable; the damage was primarily to the company's financial integrity and operational trust, and no customer or employee data was compromised in the process.
Source: https://www.frontier-enterprise.com/why-behaviour-will-decide-your-next-cybersecurity-breach/
TPRM report: https://www.rankiteo.com/company/micro-connect-group
{
  "id": "mic0762207092925",
  "linkid": "micro-connect-group",
  "type": "Cyber Attack",
  "date": "9/2025",
  "severity": "60",
  "impact": "2",
  "explanation": "Attack limited on finance or reputation"
}
{'affected_entities': [{'industry': 'Financial Services',
                        'location': 'Hong Kong',
                        'name': 'Unnamed Hong Kong-Based Company (Finance Sector)',
                        'type': 'Private Corporation'}],
 'attack_vector': ['AI-Generated Deepfake Video Conference',
                   'Impersonation of CFO and Colleagues',
                   'Urgent Payment Request',
                   'Exploitation of Human Behavior Under Pressure'],
 'description': "A finance worker in Hong Kong was tricked into transferring over US$25 million after attending a video conference where the 'CFO' and colleagues were deepfaked using AI. The attack exploited human behavior rather than defeating technical controls like encryption. The incident highlights the growing threat of AI-supercharged social engineering, where flawless emails, credible voices, and convincing video calls are used at scale to manipulate employees under pressure. The gap between security awareness training and real-world behavior was a key factor, as the employee responded to an urgent, atypical payment request outside normal business hours without sufficient verification.",
 'impact': {'brand_reputation_impact': ['Potential Reputation Damage Due to High-Profile Fraud',
                                        'Loss of Stakeholder Confidence in Financial Controls'],
            'financial_loss': '$25,000,000 (USD)',
            'operational_impact': ['Unauthorized Financial Transaction',
                                   'Potential Erosion of Trust in Internal Communication Channels'],
            'payment_information_risk': ['Fraudulent Transfer of Funds to Criminal-Controlled Account'],
            'revenue_loss': '$25,000,000 (USD)'},
 'initial_access_broker': {'entry_point': ['Deepfake Video Conference Impersonating CFO',
                                           'Exploited Trust in Internal Communication Channels'],
                           'high_value_targets': ['Finance Department',
                                                  'Employees with Payment Authorization']},
 'lessons_learned': ['Human behavior (not just technology) is the decisive factor in modern cyberattacks, especially with AI-powered social engineering.',
                     'Annual security training is insufficient; real-time, contextual interventions are needed to change behavior under pressure.',
                     'High-risk transactions (e.g., new payment instructions, urgent requests) require layered verification, such as independent channels and step-up authentication.',
                     'AI-generated deepfakes can bypass traditional security controls by exploiting trust in authority figures and routine workflows.',
                     'Human risk analytics—continuous analysis of user behavior patterns—can predict and mitigate risky actions before they result in breaches.'],
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'corrective_actions': ['Deploy human risk analytics to flag anomalies in payment workflows (e.g., new bank details, off-hours requests).',
                                                   'Implement mandatory verification for high-risk transactions via independent channels (e.g., pre-registered phone numbers).',
                                                   'Introduce step-up authentication for payments exceeding thresholds or deviating from norms.',
                                                   "Train employees on deepfake risks and reinforce skepticism for urgent, unusual requests—even from 'trusted' sources.",
                                                   'Establish a feedback loop to measure near-misses (e.g., reported suspicious messages) and adjust interventions dynamically.'],
                            'root_causes': ['Over-reliance on annual security training without real-time behavioral reinforcement.',
                                            'Lack of contextual risk scoring for high-value transactions (e.g., new supplier payments).',
                                            'Absence of just-in-time verification for urgent, atypical requests from senior leaders.',
                                            'AI-powered social engineering exploited the gap between knowledge (training) and behavior (actions under pressure).',
                                            'No system in place to correlate identity signals (e.g., unusual timing, new payee details) with user actions.']},
 'recommendations': ['Implement human risk analytics to monitor and score real-time user behavior (e.g., unusual payment requests, rapid responses to urgent messages).',
                     'Replace annual phishing tests with micro-interventions (e.g., 20-second nudges tied to high-risk actions).',
                     'Add friction at critical moments: temporary holds on payments, mandatory verification via pre-registered channels, and step-up authentication for anomalies.',
                     'Personalize risk mitigation by role (e.g., sales teams on the road may need different prompts than office-based finance staff).',
                     'Track leading indicators of risk reduction (e.g., time to report suspicious messages, decline in high-risk clicks) rather than just training completion rates.',
                     'Design systems to build trust: limit visibility of user-level metrics, explain monitoring purposes, and ensure fairness in interventions.',
                     "Orchestrate technical controls (e.g., email authentication, sandboxing) around human workflows to address the 'last mile' of security."],
 'references': [{'source': 'Verizon Data Breach Investigations Report (2025)'}],
 'response': {'enhanced_monitoring': ['Proposed: Human Risk Analytics for Real-Time Behavioral Monitoring',
                                      'Proposed: Just-in-Time Interventions for High-Risk Transactions']},
 'title': 'AI-Powered Deepfake Social Engineering Attack Leading to $25M Fraudulent Transfer',
 'type': ['Social Engineering',
          'Fraud',
          'Deepfake Attack',
          'Business Email Compromise (BEC)'],
 'vulnerability_exploited': ['Human Trust in Authority Figures',
                             'Lack of Real-Time Verification for High-Risk Transactions',
                             'Rapid Response to Urgent Requests from Seniors',
                             'Insufficient Contextual Risk Awareness']}