North Korea-linked threat actors are increasing social engineering campaigns against crypto and fintech companies, using new malware to steal data and digital assets. Mandiant reported that UNC1069 deployed seven malware families in a recent campaign that relied on compromised Telegram accounts and fake Zoom meetings with deepfake videos. The group primarily targets crypto firms, software developers, and venture capital companies, and its tooling includes new, sophisticated data-mining malware named CHROMEPUSH and DEEPBREATH.

The threat actor, which has North Korean ties, has been tracked since 2018, but AI advancements have helped it scale up its efforts. The attackers are hijacking accounts belonging to crypto founders to launch ClickFix attacks. In one intrusion, they used a compromised Telegram account and a Zoom meeting to trick victims into running "troubleshooting" commands that initiated the infection chain.

North Korea-linked illicit actors have been a persistent threat to crypto investors and Web3-native companies. Previous incidents include the theft of $900,000 from crypto startups and the $1.4 billion Bybit hack.

Read more at Cointelegraph: North Korea Linked Hackers Deploy New Crypto Malware
