A hacking group reportedly based out of North Korea has come up with a “new tooling and AI-enabled social engineering” scam, according to Google, and it’s pretty complicated.
Effectively, it uses a hacked account to send a Zoom link via a calendar invite to an uncompromised account. That version of Zoom is, in fact, a spoof, and what targets are met with is a deepfaked version of the account owner. Google’s report notes that a version of this deepfake takes the form “of a CEO from another cryptocurrency company.”
Related articles
North Korean actor UNC1069 is targeting the crypto sector with AI-enabled social engineering, deepfakes, and 7 new malware families. Get the details on their TTPs and tooling, as well as IOCs to detect and hunt for the activity detailed in our post 👇https://t.co/t2qIB35stt pic.twitter.com/mWhCbwQI9FFebruary 9, 2026
Google says UNC1069 is “employing these techniques to target both corporate entities and individuals within the cryptocurrency industry, including software firms and their developers, as well as venture capital firms and their employees or executives.”
This hack needs access to an account to start in the first place, so Google notes further attacks have “a dual purpose; enabling cryptocurrency theft and fueling future social engineering campaigns by leveraging victim’s identity and data.”
Though Google states that the account linked to the group has been terminated, Gemini was used at some point “to develop tooling, conduct operational research, and assist during the reconnaissance stages.”
Gemini is not the only AI tool being used in similar cybercrimes. Antivirus creator and cybersecurity company Kaspersky claims hacking group BlueNoroff is using GPT-4o to enhance images to convince targets.
As AI gets more impressive and complicated, so too will the scams to accompany it. One can only hope that anti-scam measures become equally clever.
Best gaming rigs 2026
All our favorite gear