Mandiant: North Korean hacker groups are intensifying social engineering attacks targeting cryptocurrency and fintech companies
ChainCatcher News: According to Cointelegraph, the US cybersecurity company Mandiant, which is part of Google Cloud, has discovered that North Korea-linked threat groups are intensifying social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malware suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aiming to obtain sensitive data and steal digital assets. The attackers lure victims using compromised Telegram accounts and fake Zoom meetings featuring AI-generated deepfake videos. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one breach, the attackers used the stolen Telegram account of a cryptocurrency founder to initiate contact, then used a so-called ClickFix attack to induce victims to execute "troubleshooting" commands that contained hidden instructions.
