North Korean threat actor UNC1069 used AI-generated deepfakes and sophisticated custom malware to target a FinTech company in the cryptocurrency sector. Mandiant’s investigation revealed a Telegram account hijack, a spoofed Calendly/Zoom call that lured the victim into a ClickFix routine, and deployment of seven malware families including SILENCELIFT, DEEPBREATH, and CHROMEPUSH. #UNC1069 #SILENCELIFT #DEEPBREATH #CHROMEPUSH
Key points
- UNC1069 escalated tradecraft by using AI-generated deepfakes to impersonate trusted executives during video calls.
- Attackers initiated contact by hijacking a Telegram account and sending a Calendly invite to a spoofed Zoom domain.
- A “ClickFix” social-engineering ruse tricked the victim into running malicious troubleshooting commands that infected macOS systems.
- Mandiant identified seven malware families in the intrusion, including new data-harvesting tools SILENCELIFT, DEEPBREATH, and CHROMEPUSH.
- These tools bypass macOS protections, steal credentials and browser data, and are aimed at draining digital assets from the cryptocurrency sector.
Read More: https://securityonline.info/fake-ceo-real-hack-north-korea-uses-ai-deepfakes-to-steal-crypto/