What is UNC1069 and who runs it?

UNC1069's a North Korean-linked group since 2018, financially motivated, targeting crypto for regime funding via malware and phishing.

How do ClickFix attacks work?

Attackers pose as support during fake calls, tricking users into running disguised malware commands as 'fixes' for audio or tech glitches.

Can AI deepfakes be detected in phishing?

Yes, but it's tough — look for glitches, verify via secondary channels, deploy tools like liveness detection; train staff relentlessly.

🌐 Nation-State Threats

UNC1069's AI Deepfake Zoom Trap: Seven Malware Families Hit Crypto Hard

A fake Zoom glitch leads to seven malware implants on a crypto exec's Mac. North Korea's UNC1069 just leveled up social engineering with AI deepfakes — and it's terrifyingly effective.

theAIcatchup Apr 08, 2026 4 min read

Fake Zoom meeting interface with troubleshooting commands from UNC1069 crypto attack

⚡ Key Takeaways

UNC1069 used AI deepfakes in fake Zoom to deliver ClickFix malware, deploying 7 families including new SILENCELIFT. 𝕏
Shift from basic AI productivity to operational lures marks a tactical evolution in North Korean cyber ops. 𝕏
Crypto sector's human vectors like Telegram and meetings remain prime targets; biometrics and verification essential. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#AI deepfakes #cryptocurrency malware #north korea hackers #unc1069

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Mandiant Blog

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

North Korea's UNC1069 Turns Axios NPM into Cross-Platform Trapdoor

North Korea's UNC1069 Turns Axios into a Global Backdoor Dropper

North Korean Hackers' Slick Slack Trick: Inside the Axios npm Compromise

Axios NPM Breach: North Korea's Precision Strike on JS Devs

Stay in the loop