The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

UNC1069 Uses New Tools to Target Crypto Entities

Feb 20, 2026 1:53:03 PM / by The Hivemind posted in Threat Bulletin, social engineering, Cryptocurrency Theft, MacOS malware, North Korean threat actors, DeFi targeting, deepfake, UNC1069

Verticals Targeted: Cryptocurrency, Financial
Regions Targeted: Not specified
Related Families: SUGARLOADER, WAVESHAPER, HYPERCALL, HIDDENCALL, SILENCELIFT, DEEPBREATH, CHROMEPUSH

Executive Summary

A targeted intrusion into a FinTech entity in the cryptocurrency sector was attributed to UNC1069, a North Korea-nexus financially motivated threat actor. The operation deployed seven unique malware families on a macOS host through sophisticated social engineering involving a compromised Telegram account, a spoofed Zoom meeting, a reported deepfake video, and a ClickFix technique to initiate infection.
