The cybersecurity landscape is constantly evolving, with increasingly sophisticated threats leveraging new technologies. A particularly significant case involves the hacker group UNC1069, also known as MASAN, CryptoCore, or Bluenoroff, which has used artificial intelligence to orchestrate targeted attacks against the cryptocurrency sector.
Between late 2025 and early 2026, UNC1069 conducted a sophisticated attack against an executive in the cryptocurrency industry. The operation began with the compromise of another industry executive's Telegram account, which the attackers then used to arrange a fake Zoom meeting. The attackers created a fraudulent website (zoom.uswe05.us) that imitated the videoconferencing platform and used an AI-generated deepfake video to impersonate a CEO during the call. Using an infection technique called ClickFix, the attackers managed to embed malicious commands that led to the installation of malware, including the SUGARLOADER downloader.
Particularly concerning was the attackers’ use of Google Gemini AI to gather information on cryptocurrency wallets, generate phishing templates in Spanish, and develop malicious tools. According to the Google Threat Intelligence Group (GTIG), UNC1069’s adoption of artificial intelligence was documented throughout 2025, highlighting a growing trend.
This incident represents a significant qualitative leap in cybercriminals' tactics. The combined use of advanced social engineering, deepfakes, and generative artificial intelligence shows how new technologies can be exploited to make attacks more convincing and harder to detect. The cryptocurrency sector, already a preferred target because of its economic value, becomes even more vulnerable to these evolved threats.
To protect against similar attacks, companies should implement multi-factor authentication on all communication platforms, train employees to recognize signs of digital manipulation, and always verify the identity of the other party through a secondary channel during sensitive communications. It is also essential to keep security systems updated and to actively monitor for suspicious activity.
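One way to apply the monitoring advice to the fake meeting domain described above, as an added example that is not from the original article or from GTIG: a Python check that flags links carrying the "zoom" brand in their authority while the real host is not under a trusted Zoom domain. The trusted-domain list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: domains this organisation accepts as genuine Zoom endpoints.
TRUSTED = {"zoom.us", "zoom.com", "zoomgov.com"}
BRAND = "zoom"
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)

def parse(url):
    """Return (authority, hostname), lower-cased; ('', '') if unparsable."""
    try:
        parts = urlsplit(url)
        return parts.netloc.lower(), (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return "", ""

def classify(url):
    """Label a link as trusted, lookalike, other or ignore."""
    authority, host = parse(url)
    if not host:
        return "ignore"
    # Exact match or a true subdomain; "notzoom.us" does not qualify.
    if any(host == d or host.endswith("." + d) for d in TRUSTED):
        return "trusted"
    # The brand in any host label (zoom.uswe05.us) or in the userinfo
    # part (zoom.us@other-host) of an untrusted authority is suspicious.
    if BRAND in authority:
        return "lookalike"
    return "other"

def scan(messages):
    """Return (sender, host) for every lookalike link in chat messages."""
    hits = []
    for sender, text in messages:
        for url in URL_RE.findall(text):
            if classify(url) == "lookalike":
                hits.append((sender, parse(url)[1]))
    return hits

# Constructed sample messages; only zoom.uswe05.us comes from the article.
SAMPLE = [
    ("exec_a", "Call moved, join here: https://zoom.uswe05.us/j/0000000000"),
    ("colleague", "Standup link https://us05web.zoom.us/j/0000000000"),
    ("vendor", "Setup guide: https://example.com/zoom-setup"),
    ("unknown", "Quick sync? https://zoom.us@meet.example/j/1"),
]

if __name__ == "__main__":
    for sender, host in scan(SAMPLE):
        print(f"ALERT lookalike meeting host from {sender}: {host}")
```

The brand in a URL path alone does not raise an alert, which keeps ordinary documentation links from flooding the queue.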
In conclusion:
- The integration of artificial intelligence into attack strategies represents a new frontier of cyber threats
- Sectors with high economic value, such as cryptocurrency, are particularly at risk
- The combination of traditional social engineering techniques with advanced technologies requires a more sophisticated and aware security approach
Sources:
https://cloud.google.com/blog/topics/threat-intelligence/unc1069-targets-cryptocurrency-ai-social-engineering
https://moonlock.com/google-warns-new-ai-malware
https://www.vectra.ai/blog/how-threat-actors-turned-ai-into-a-weapon
https://www.aicerts.ai/news/cryptocore-ai-misuse-powers-gemini-enabled-north-korean-raids
Source: Mandiant