ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and then employed a so-called ClickFix attack, tricking victims into executing “troubleshooting” commands that contained hidden instructions.