Google’s Mandiant security team has warned that North Korean hackers are using AI-generated deepfake videos in fake Zoom meetings to target crypto companies. In a recent case attributed to the group UNC1069 (CryptoCore), attackers used a compromised Telegram account, a spoofed meeting link, and a “ClickFix” technique to trick a victim into running malicious commands.

The attack deployed multiple malware strains to steal credentials, browser data, and session tokens for financial theft and future impersonation. According to Chainalysis, North Korean hackers stole $2.02 billion in crypto in 2025, bringing their total haul to about $6.75 billion.

Experts say these attacks are highly tailored, exploiting trust in routine digital interactions. Deepfake videos and AI-written messages make impersonation more convincing, and the risk is expected to grow as AI tools become more integrated into everyday communication.