ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen Telegram accounts belonging to cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.