ALL POSTS

Key Findings North Korea-linked threat actor UNC1069 has been observed targeting the cryptocurrency sector to steal sensitive data The intrusion relied on a social engineering scheme involving a compromised Telegram account, a fake Zoom meeting, a ClickFix infection vector, and reported usage of AI-generated video to deceive victims UNC1069 has a history of conducting social engineering campaigns for financial gain using fake meeting invites and posing as investors from reput

Background In September 2025, SonicWall, a cybersecurity firm, disclosed a security breach that exposed firewall configuration files tied to MySonicWall accounts. The company initially claimed that less than 5% of customers were impacted, and no files were leaked. However, in October, SonicWall confirmed that threat actors had accessed the preference files of all firewalls using its MySonicWall cloud backup service. Key Findings The stolen files contained encrypted credential