Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers use compromised Telegram accounts and AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and employed a so-called ClickFix attack, tricking victims into executing "troubleshooting" commands that contained hidden instructions.
