ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Fake Windows ads stealing recovery phrases! Facebook pushes a "Free Upgrade to Win11" post, mimicking the official Microsoft website, making it hard to distinguish real from fake.
Hackers are running fake "Windows 11" update ads on Facebook to trick users into downloading malicious software called "Lunar Application," which is designed to steal cryptocurrency wallet seed phrases and login credentials. The attackers use highly realistic Microsoft branding and websites, combined with geofencing technology to evade security detection. Users should exercise caution, only download updates from official sources, and protect their seed phrases.
動區BlockTempo22m ago
U.S. Seizes $61 Million USDT, "Pig Butchering" Scam Money Laundering Chain Crumbles
The Eastern District of North Carolina Federal Prosecutor's Office announced on February 24th that federal agents have seized over $61 million worth of Tether (USDT). Asset tracking shows that these cryptocurrency addresses are directly linked to money laundering activities related to "Pig Butchering" investment scams. The investigation was led by the U.S. Immigration and Customs Enforcement in Raleigh, North Carolina, with Tether assisting in the asset transfer process.
MarketWhisper1h ago
Security Reminder: Hackers Use Facebook to Run Fake Windows 11 Update Ads to Steal Cryptocurrency
Hackers have placed fake Windows 11 update ads on Facebook to lure cryptocurrency users into downloading malicious software "LunarApplication," stealing wallet seed phrases and sensitive information, and using geofencing technology to evade detection.
GateNewsBot2h ago
An Ethereum user lost nearly $390,000 after signing a phishing authorization transaction.
ChainCatcher reports that, according to Scam Sniffer monitoring, an Ethereum user lost $388,051 after signing a phishing token authorization transaction.
GateNewsBot2h ago
U.S. sanctions Russian hacking company Operation Zero for cryptocurrency funding of stolen proprietary software
The U.S. Department of the Treasury has imposed sanctions on Russian cybersecurity company Operation Zero and its leaders for using cryptocurrency to fund activities that steal U.S. commercial secrets, involving cybersecurity threats. This action stems from an investigation into Australian citizen Peter Williams, who admitted to stealing secrets for compensation. The government stated it will continue to protect national security.
GateNewsBot4h ago
Confiscated Bitcoins Disappear Due to Poor Police Management... Urging the Development of Virtual Asset Management Strategies
The police have decided to reform virtual asset management due to Bitcoin disappearances, launching the "Virtual Asset Confiscated Property Management System Improvement Plan," which details management at each stage to ensure security. At the same time, the plan includes entrusting trusted providers to safekeep virtual assets and establishing management rules and manuals to address the severity of past management issues.
TechubNews11h ago
