ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen Telegram accounts belonging to cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.