TechFlow reports that on February 11, according to Cointelegraph, Mandiant—a U.S. cybersecurity firm under Google Cloud—discovered that a North Korea–linked threat group is intensifying its social engineering attacks against cryptocurrency and fintech companies.
This threat group (designated UNC1069) has deployed seven malware families, including the newly discovered SILENCELIFT, DEEPBREATH, and CHROMEPUSH, aiming to exfiltrate sensitive data and steal digital assets. Attackers are leveraging compromised Telegram accounts and AI-generated deepfake videos to conduct fraudulent Zoom meetings as part of their deception.
Mandiant has been tracking this group since 2018; however, advances in artificial intelligence enabled the group to scale up its malicious operations starting in November 2025. In one intrusion, attackers used a stolen Telegram account belonging to a cryptocurrency founder to initiate contact and then employed a so-called “ClickFix” attack to trick victims into executing “troubleshooting” commands containing hidden instructions.




