Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used Telegram accounts stolen from cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.

