ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen Telegram accounts of cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.