ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
$1.2M in Profits Tied to Insider-Linked Addresses in ZachXBT Market Bet
_Eight insider-linked wallets captured $1.2M in profits, mostly from single-market bets placed before odds shifted._
On-chain data has intensified scrutiny around a Polymarket event linked to a ZachXBT insider probe. Trading records show heavy profit concentration among a small cluster of wallet
LiveBTCNews5h ago
ZachXBT Alleges Axiom Employee Misused Internal Data - Unchained
ZachXBT alleges an Axiom employee misused internal tools to access private user wallet data for profit and shared it with a select group tracking traders. Axiom responded by revoking access and initiating an investigation amid rising concerns about data ethics in crypto.
UnchainedCrypto6h ago
Korea National Tax Service accidentally exposes seed phrase, approximately $4.8 million in seized cryptocurrency stolen
The Korean National Tax Service conducted searches on 124 high-debt taxpayers and released photos containing the seed phrases of encrypted hardware wallets, resulting in 4 million PRTG tokens being transferred, with a loss of approximately 6.4 billion Korean Won (about $48 million). Analysis indicates that the thieves transferred the tokens in three separate transactions and used a small amount of Ethereum as transaction fees.
GateNews7h ago
Axiom Employee Allegedly Exploits Dashboard for Insider Trading
Allegations against Axiom Exchange reveal that Broox Bauer exploited internal dashboards to track private wallets for insider trading schemes, targeting high-volume traders. The lack of access controls raises significant security concerns, prompting calls for investigation.
CryptoFrontNews9h ago
AI Cryptocurrency Scams Surge 500%! Generative Artificial Intelligence Becomes a New Weapon for Hackers, Single-Transaction Profits Increase 4.5 Times
TRM Labs reports that AI cryptocurrency scam activities have surged by approximately 500% over the past year. Hackers are using AI to generate phishing emails and fake websites, with deepfake technology accelerating emotional scams. The scale of illegal crypto transactions is expected to reach $158 billion in 2025, highlighting the urgent need to upgrade security defenses.
GateNews9h ago
XRP Ledger Foundation confirms fixing a serious vulnerability in an unreleased revision
The XRP Ledger Foundation has confirmed the fix of a serious vulnerability present in Ripple's signature verification logic, which could allow attackers to steal funds. The patch has not yet been activated on the mainnet, and validators are currently advised to vote against it. An emergency release was issued on February 23 to prevent exploitation of the vulnerability.
TechubNews11h ago
