Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers use compromised Telegram accounts and AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used stolen cryptocurrency-founder Telegram accounts to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands containing hidden instructions.
