Mandiant: North Korean hacking groups are increasing social engineering attacks targeting cryptocurrency and fintech companies

ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.

The threat group (tracked as UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped it expand its malicious activities since November 2025. In one intrusion, the attackers used stolen Telegram accounts belonging to cryptocurrency founders to initiate contact and employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands that contained hidden instructions.

