ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Confiscated Bitcoins Disappear Due to Poor Police Management... Urging the Development of Virtual Asset Management Strategies
The police have decided to reform virtual asset management due to Bitcoin disappearances, launching the "Virtual Asset Confiscated Property Management System Improvement Plan," which details management at each stage to ensure security. At the same time, the plan includes entrusting trusted providers to safekeep virtual assets and establishing management rules and manuals to address the severity of past management issues.
TechubNews1h ago
Tsim Sha Tsui Cryptocurrency Company Employee Arrested for Stealing 2.67 Million USDT
ChainCatcher News: A cryptocurrency exchange platform in Tsim Sha Tsui, Hong Kong, has experienced a theft. A 34-year-old network engineer is suspected of stealing approximately 20 customers' USDT (Tether), totaling about 2.67 million USDT, equivalent to approximately 20.87 million HKD. The police have detained him.
GateNewsBot5h ago
IoTeX plans to announce the compensation plan within 24 hours, and L1 has been restored online.
Odaily Planet Daily reports that IoTeX announced on the X platform that after a suspected private key leak led to a hacking attack, the L1 has been restored and upgraded to operate normally. The new version v2.3.4 includes a default blacklist that automatically filters malicious EOA addresses to enhance network security. A comprehensive compensation plan for affected bridging users will be announced within 24 hours.
GateNewsBot5h ago
Trump DeFi project was hacked, and short sellers targeted it! The stablecoin USD 1 briefly dropped to $0.9942.
The USD stablecoin USD1 of the cryptocurrency project World Liberty Financial supported by the Trump family was subjected to an organized attack on . The price once dropped to $0.9942. The attackers hacked into multiple founders' accounts and spread rumors, attempting to profit from it. However, officials emphasized that the stability mechanism and asset reserves of USD1 remain intact, and the coin price has stabilized back to the $1 level. This incident highlights the security and market trustworthiness of the currency.
区块客10h ago
ZachXBT is about to announce a major investigation into suspected insider trading in crypto
Onchain investigator ZachXBT announced a major investigation regarding insider trading within a crypto company, set to be revealed on February 26. Market speculation centers around the Meteora protocol on Solana, currently deemed the highest suspect.
TapChiBitcoin10h ago
A Chinese businessman was kidnapped and murdered in Turkey, and the suspect withdrew a large amount of funds from his crypto account.
A 38-year-old Chinese businessman surnamed Wang was kidnapped and killed in Turkey, with the suspects having a debt dispute with him. Wang was kidnapped by 4 suspects while dining with a female friend, who pretended to be uninvolved. Police discovered his body, and the suspects have been arrested, including the woman who was in collusion with them.
GateNewsBot11h ago
