Crypto: Google Cloud Flags North Korea-linked Crypto Malware Campaign

Mandiant, which operates under Google Cloud, has tracked the suspected North Korean scammers since 2018, and AI has helped scale up malicious attacks since November 2025.

North Korea-linked threat actors are escalating social engineering campaigns targeting cryptocurrency and fintech companies, deploying new malware designed to harvest sensitive data and steal digital assets.

In a recent campaign, a threat cluster tracked as UNC1069 deployed seven malware families aimed at capturing and exfiltrating victim data, according to a Tuesday report from Mandiant, a US cybersecurity company that operates under Google Cloud.

The campaign relied on social engineering schemes involving compromised Telegram accounts and fake Zoom meetings with deepfake videos generated through artificial intelligence tools.

“This investigation revealed a tailored intrusion resulting in the deployment of seven unique malware families, including a new set of tooling designed to capture host and victim data: SILENCELIFT, DEEPBREATH and CHROMEPUSH,” the report states.

Mandiant said the activity represents an expansion of the group’s operations, primarily targeting crypto companies, software developers and venture capital businesses.

The malware set included two newly discovered, sophisticated data-harvesting families, CHROMEPUSH and DEEPBREATH, which are designed to bypass key operating system components and gain access to personal data.

Mandiant has tracked the threat actor, whose North Korean ties it describes as “suspected,” since 2018. AI advancements have since helped the group scale up its operations: according to a report from the Google Threat Intelligence Group at the time, November 2025 marked the first time it used “AI-enabled lures in active operations.”

Cointelegraph contacted Mandiant for additional details regarding the attribution, but had not received a response by publication.

Source: CoinTelegraph