A financially driven North Korean threat actor is using innovative social engineering techniques powered by deepfakes to target cryptocurrency companies. This week, Mandiant from Google Cloud released research on a threat actor it monitors as UNC1069, which has been active since at least 2018.

The study mostly focuses on one attack in which the attacker targeted a secondary victim by using the compromised Telegram account of a cryptocurrency executive. The attackers pretended to be the account's legitimate owner and contacted the victim from the executive's account. "After establishing a rapport with the victim, UNC1069 sent a Calendly link to set up a 30-minute meeting."

Mandiant thinks the recent incident was a targeted attack meant to facilitate cryptocurrency theft and to support "future social engineering campaigns by leveraging victim's identity and data," though Google did not specify how UNC1069 would monetize this attack.

Companies should take care not to install SDKs from outside sources or run malicious code, and should confirm any questionable meeting requests via a second channel (preferably over the phone or in person). Because ClickFix techniques deceive users into compromising themselves, they are disastrous for organizations.

Even now, total system takeover can sometimes be accomplished with just a few lines of code.