Google Cloud flags North Korea-linked crypto malware campaign

Mandiant, which operates under Google Cloud, has tracked the suspected North Korean scammers since 2018, but AI has helped scale up malicious attacks since November 2025.
North Korea-linked threat actors are escalating social engineering campaigns targeting cryptocurrency and fintech companies, deploying new malware designed to harvest sensitive data and steal digital assets.
In a recent campaign, a threat cluster tracked as UNC1069 deployed seven malware families aimed at capturing and exfiltrating victim data, according to a Tuesday report by Mandiant, a US cybersecurity firm that operates under Google Cloud.
The campaign relied on social engineering schemes involving compromised Telegram accounts and fake Zoom meetings with deepfake videos generated through artificial intelligence tools.
Source: Cointelegraph
