ChainCatcher reports that, according to Cointelegraph, the U.S. cybersecurity firm Mandiant, a subsidiary of Google Cloud, has discovered that North Korea-linked threat groups are increasing social engineering attacks targeting cryptocurrency and fintech companies.
The threat group (codenamed UNC1069) has deployed seven malicious software suites, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aimed at obtaining sensitive data and stealing digital assets. The attackers exploit compromised Telegram accounts and use AI-generated deepfake videos to lure victims into fake Zoom meetings. Mandiant has been tracking this group since 2018, but advances in AI have helped the group expand its malicious activities since November 2025. In one intrusion, the attackers used Telegram accounts stolen from cryptocurrency founders to initiate contact, then employed a so-called ClickFix attack to trick victims into executing “troubleshooting” commands that contained hidden instructions.
Related Articles
Slowmist CISO: DarkSword Attack Tool Leaked, iOS Users Advised to Update System Immediately
Gate News Alert, March 25: 23pds, Chief Information Security Officer at SlowMist Technology, posted a reminder on social media on the 23rd warning that the DarkSword attack tool has been leaked and that all iOS users should update their systems immediately. According to the report, the core capability of this attack tool is to extract forensic-level data from iOS devices through HTTP interfaces. In actual attacks, threat actors can combine it with social engineering or watering-hole attacks to trick users into infecting their devices, thereby stealing data from iPhones and iPads and uploading it to attacker-controlled servers.
GateNews · 33m ago
Slow Mist Alert: LiteLLM Attacked on PyPI, Crypto Wallets and API Keys Leaked
LiteLLM suffered a PyPI supply chain attack: the compromised versions 1.82.7 and 1.82.8 were injected with multilayered malicious code that steals sensitive information such as SSH keys and cloud credentials. The attackers achieved this without directly compromising upstream services. Affected organizations should immediately rotate credentials and audit their systems to prevent further damage.
MarketWhisper · 52m ago
SIREN surged 30.89% in 24 hours, now trading at $1.69
As of March 25, the SIREN coin price surged 30.89% to $1.69, with a market cap of approximately $1.228 billion. The project combines AI and blockchain; however, it faces severe supply concentration risk, with controlling parties holding 88.5% of tokens, which significantly increases market volatility risk.
GateNews · 55m ago
ZachXBT: Russian OTC Broker Assisted Ransomware Money Laundering Over $4.7 Million, Fund Flows Span BTC to Avalanche
ZachXBT disclosed on the X platform that the Russian over-the-counter broker Khinkis is suspected of assisting ransomware money laundering of over $4.7 million since July 2025, involving the transfer of 796 Bitcoin, with funds withdrawn in batches through multiple channels. The investigation shows the entity was active in Southeast Asia and Australia, and that its personal information has repeatedly leaked, increasing enforcement difficulties.
金色财经 · 2h ago
Slowmist CISO: LiteLLM Suffers PyPI Supply Chain Attack, Sensitive Information Including Crypto Wallets and Cloud Credentials at Risk of Leakage
The LiteLLM Python AI gateway library suffered a PyPI supply chain attack. Attackers can steal sensitive user information through the pip install litellm command, including SSH keys, cloud service credentials, Kubernetes configurations, and Git credentials.
BlockBeatNews · 2h ago
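For the two LiteLLM items above, the practical first step in an audit is finding out whether any environment or lockfile pins one of the compromised releases. The following script is an added example, not code from the original page or from the LiteLLM project: it parses requirements.txt / pip freeze style pins, checks them against the affected versions named in the alerts (1.82.7 and 1.82.8 are taken from the page), and also queries the running interpreter's installed metadata. The sample freeze output is constructed, and the function and constant names are this example's own.

```python
"""Check dependency pins and the local environment for the LiteLLM releases
named as compromised above. Added example; affected versions come from the
alerts on the page, everything else here is constructed."""
import re
from importlib.metadata import PackageNotFoundError, version as installed_version

# Versions reported as injected with malicious code (from the alerts above).
AFFECTED_LITELLM_VERSIONS = frozenset({"1.82.7", "1.82.8"})

# Matches exact pins such as "litellm==1.82.7" in requirements.txt or pip freeze.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9_.\-]+)\s*==\s*([0-9][0-9A-Za-z.\-+]*)")


def normalize_name(name):
    """PEP 503 normalization so 'LiteLLM' and 'litellm' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pins(text):
    """Return {normalized_name: version} for every exact '==' pin in text.

    Comments (after '#') and non-pin lines are ignored, so the parser can be
    pointed at a whole lockfile without pre-filtering.
    """
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        match = PIN_RE.match(line)
        if match:
            pins[normalize_name(match.group(1))] = match.group(2)
    return pins


def find_affected(text, package="litellm", affected=AFFECTED_LITELLM_VERSIONS):
    """Return the pinned version if it is one of the affected releases, else None."""
    pinned = parse_pins(text).get(normalize_name(package))
    if pinned is not None and pinned in affected:
        return pinned
    return None


def check_installed(package="litellm", affected=AFFECTED_LITELLM_VERSIONS):
    """Return the installed version if it is an affected release, else None.

    Uses importlib.metadata, so it reports what the current interpreter would
    actually import rather than what a file claims.
    """
    try:
        current = installed_version(package)
    except PackageNotFoundError:
        return None
    return current if current in affected else None


# Constructed sample: a pip freeze snapshot from a hypothetical environment.
SAMPLE_FREEZE = """\
# generated by pip freeze (constructed sample)
fastapi==0.110.0
litellm==1.82.7
openai==1.30.0
"""

if __name__ == "__main__":
    hit = find_affected(SAMPLE_FREEZE)
    if hit:
        print(f"litellm {hit} is a compromised PyPI release: rotate credentials and audit the host")
    else:
        print("no affected litellm pin found in the sample")
    local = check_installed()
    print("installed litellm is affected" if local else "installed litellm not affected or not installed")
```

Run it against each requirements file or pip freeze output in your estate; a non-None result is the signal to treat the host as exposed and to rotate the SSH keys, cloud credentials, Kubernetes configs and Git credentials the alerts list as targets.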