Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
