North Korean hackers run scams with AI-deepfaked Zoom calls; crypto firms hit by a targeted "social engineering + trojan" double blow

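February 11: Mandiant, the security team owned by Google, disclosed that a North Korea-linked hacking group is using deepfake video and fake Zoom calls to mount highly customized social engineering attacks against the cryptocurrency industry, and is stealing assets and data by implanting multiple malicious programs.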

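According to the investigation, the operation was carried out by the threat group UNC1069. The group has been active since at least 2018 and, after 2023, shifted its targeting from traditional finance to the Web3 sector, including executives at crypto fintech companies, software developers and venture capital professionals. This incident began when an industry executive's Telegram account was hijacked. The attackers used that identity to contact the target and, once trust was established, sent a forged Calendly video meeting invitation.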

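After clicking the link, the victim was directed to a fake Zoom domain controlled by the attackers. During the call, the other party showed a deepfake video that appeared to be of the CEO of another crypto company and, citing an "audio fault", induced the target to run supposed troubleshooting commands on their computer. These commands triggered infection chains on macOS and Windows systems and quietly deployed as many as seven types of malware.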

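Mandiant confirmed that these tools can steal Keychain credentials, browser cookies, login information, Telegram sessions and sensitive local files. Researchers assess that the attackers aimed both to obtain crypto assets directly and to gather intelligence that would pave the way for later scams. Deploying so many tools on a single device indicates a carefully planned, targeted intrusion.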

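This incident is not an isolated case. In 2025, similar AI meeting scams caused more than US$300 million in losses; over the full year, North Korea-linked cyber operations stole about US$2.02 billion in digital assets, up 51% year on year. Chainalysis also noted that scam groups making use of on-chain AI services are significantly more efficient than those using traditional models.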

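As the barrier to producing deepfakes keeps falling, the crypto industry faces unprecedented security challenges. Experts warn that online meetings involving funds and system privileges must be backed by stronger multi-layer verification and device isolation, or they will become the entry point for the next wave of attacks.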
