Google’s threat teams are flagging an escalated North Korea–linked cyber push that blends generative AI with blockchain-based concealment to hit crypto and DeFi organizations. What stands out is the combination of AI-enabled deception and on-chain techniques that make traditional takedowns and signature-based controls less effective.
The warning draws on Mandiant work published on Feb. 9, 2026, alongside Google Threat Intelligence Group (GTIG) analyses dated Oct. 16 and November 2025, which connect at least two DPRK-associated clusters to the activity and quantify the 2025 impact. For trading desks, treasuries, and custodians, the headline risk is straightforward: this campaign is optimized to reach the systems that hold keys, credentials, and privileged developer access.
AI-driven intrusion tradecraft is moving from “assistive” to “adaptive”
Google and Mandiant say the cluster tracked as UNC1069 operationalized large language models across both the front end and back end of intrusion workflows. In practice, the group used models such as Gemini to scale multilingual phishing, deepfakes, and spoofed video calls, and then to generate obfuscated malware code on demand. GTIG described the approach as “just-in-time code creation,” producing fast-changing VBScript variants designed to frustrate static detections and complicate attribution.
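One defensive response to "just-in-time" script generation is to stop matching on literal bytes and instead fingerprint a script's structure. The following Python example is added here to illustrate that idea; it is not code from Google, Mandiant, or the reporting above. It tokenizes VBScript, keeps keywords and operators, replaces identifiers, string literals and numbers with placeholders, and hashes the resulting token shape, so two constructed variants that differ only in names, strings and comments collapse to one fingerprint while a structurally different script does not. The keyword list and the three sample scripts are assumptions constructed for the demonstration and are harmless.

```python
"""Structural fingerprinting of script variants for detection engineering.

Regenerated payloads tend to vary identifier names, string literals and
comments while keeping the same control structure. Hashing the token
*shape* (keywords kept, identifiers/strings/numbers replaced by placeholders)
lets such variants cluster under a single fingerprint.
All VBScript samples below are constructed and harmless.
"""
import hashlib
import re

# Hypothetical keyword set: these survive normalization, everything else becomes ID.
KEYWORDS = {
    "dim", "set", "if", "then", "else", "elseif", "end", "sub", "function", "call",
    "for", "to", "next", "while", "wend", "do", "loop", "createobject", "msgbox",
    "nothing", "and", "or", "not", "true", "false",
}

TOKEN = re.compile(
    r'(?P<str>"(?:""|[^"])*")'      # VBScript string literal; "" is an escaped quote
    r'|(?P<num>\b\d+(?:\.\d+)?\b)'  # numeric literal
    r'|(?P<id>[A-Za-z_]\w*)'        # keyword or identifier
    r'|(?P<op>[^\s\w"]+)'           # operators and punctuation
)


def strip_comments(src: str) -> str:
    """Drop ' comments (outside string literals) and REM lines, and blank lines."""
    out = []
    for line in src.splitlines():
        in_str = False
        cut = len(line)
        for i, ch in enumerate(line):
            if ch == '"':
                in_str = not in_str
            elif ch == "'" and not in_str:
                cut = i
                break
        stripped = line[:cut].strip()
        if stripped and not stripped.lower().startswith("rem "):
            out.append(stripped)
    return "\n".join(out)


def shape_tokens(src: str) -> list:
    """Return the normalized token shape of a script."""
    tokens = []
    for m in TOKEN.finditer(strip_comments(src)):
        kind, text = m.lastgroup, m.group()
        if kind == "str":
            tokens.append("STR")
        elif kind == "num":
            tokens.append("NUM")
        elif kind == "id":
            tokens.append(text.lower() if text.lower() in KEYWORDS else "ID")
        else:
            tokens.append(text)
    return tokens


def fingerprint(src: str) -> str:
    """Short SHA-256 over the token shape; equal for variants with equal structure."""
    return hashlib.sha256(" ".join(shape_tokens(src)).encode()).hexdigest()[:16]


# Constructed sample A.
VARIANT_A = '''
' constructed sample A
Dim greeting
greeting = "hello from A"
Set store = CreateObject("Scripting.Dictionary")
If Len(greeting) > 5 Then
    MsgBox greeting
End If
'''

# Constructed sample B: same structure, renamed identifiers, new literals and comments.
VARIANT_B = '''
Dim qzx91  ' renamed identifiers, different literals
qzx91 = "completely different text"
Set kk = CreateObject("Scripting.Dictionary")
If Len(qzx91) > 12 Then
    MsgBox qzx91
End If
'''

# Constructed sample C: different control structure, so a different fingerprint.
VARIANT_C = '''
Dim note
note = "no branch here"
MsgBox note
'''

if __name__ == "__main__":
    for name, src in (("A", VARIANT_A), ("B", VARIANT_B), ("C", VARIANT_C)):
        print(name, fingerprint(src))
```

In practice the fingerprint would be computed on scripts recovered from email attachments, download logs or endpoint telemetry and compared against a store of shapes seen in confirmed incidents; the value over a plain hash is that renaming and re-stringing alone no longer produces a "new" sample.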
Investigators also described a broader implant ecosystem that supports persistence and credential harvesting once an initial foothold is established. Mandiant and GTIG identified at least seven malware families—WAVESHAPER, HYPERCALL, SUGARLOADER, HIDDENCALL, SILENCELIFT, DEEPBREATH, and CHROMEPUSH—aimed at credential stores, browser cookies, and developer workstations. The reporting further notes a malicious browser extension used for keystroke logging and cookie exfiltration, reinforcing that endpoint compromise remains a primary pathway to account takeover and fund theft.
This blend of tailored social engineering and adaptive malware changes the probability curve for targeted intrusions, especially against teams that operate high-privilege environments. Operationally, the shift lowers the barrier to sustained access, increasing the odds that attackers can quietly extract API keys, session tokens, or signing material before anyone sees an obvious alert. That reality elevates the importance of endpoint hygiene, hardened identity controls, and out-of-band verification for any action that moves funds or changes critical permissions.
EtherHiding turns smart contracts into a stealth delivery and C2 channel
GTIG attributes a separate technique—“EtherHiding”—to another DPRK-linked actor, UNC5342, and the method is structurally different from typical infrastructure-based command-and-control. EtherHiding places malicious payloads or JavaScript inside smart contracts and retrieves them through read-only calls like eth_call, which do not generate the normal on-chain transaction footprints defenders rely on. That design choice complicates detection, limits takedown options, and enables a more resilient delivery mechanism than conventional web-hosted payloads.
GTIG also reported EtherHiding payloads on multiple chains, including BNB Smart Chain and Ethereum, and emphasized the persistence benefits that immutability can provide the attacker. Because smart contracts are durable and can serve as a stable retrieval point, operators can pivot domains, adjust payload behavior, and refresh lures without leaning on fragile traditional infrastructure. The technique was tied in the reporting to recruitment-style lures aimed at developers and crypto professionals, keeping the initial-access focus firmly on human trust and developer workflows.
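Because an eth_call leaves no transaction on chain, the place a defender can still see it is the JSON-RPC traffic leaving their own network. The Python example below is added here as an illustration and is not code from Google, Mandiant, or the reporting above. It pairs eth_call requests with their responses from a JSON-lines proxy log, flags calls to contracts outside an organisation's allowlist, and ABI-decodes the returned `string` to check whether it looks like script rather than data. The allowlist, contract addresses, function selectors and log records are constructed assumptions for the demonstration, not real indicators.

```python
"""Triage eth_call JSON-RPC exchanges whose returned data decodes to script-like text.

Defensive check for on-chain payload delivery: a read-only eth_call to a
contract outside the organisation's allowlist whose ABI-decoded result looks
like JavaScript rather than a number, address or struct.
All addresses, selectors and log lines below are constructed samples.
"""
import json
import re
from typing import Optional

# Hypothetical allowlist of contracts this organisation legitimately reads from.
KNOWN_CONTRACTS = {
    "0x1111111111111111111111111111111111111111",  # constructed: internal vault
}

# Markers that a decoded return value is executable web content rather than data.
SCRIPT_MARKERS = re.compile(
    r"<script|eval\(|new Function\(|document\.|window\.|atob\(|fromCharCode",
    re.IGNORECASE,
)


def abi_encode_string(text: str) -> str:
    """ABI-encode one dynamic `string` return value (used here only to build samples)."""
    raw = text.encode()
    padded = raw + b"\x00" * ((32 - len(raw) % 32) % 32)
    head = (0x20).to_bytes(32, "big") + len(raw).to_bytes(32, "big")
    return "0x" + (head + padded).hex()


def abi_decode_string(result_hex: str) -> Optional[str]:
    """Decode an ABI-encoded dynamic `string`; None if the layout does not fit."""
    data = bytes.fromhex(result_hex[2:] if result_hex.startswith("0x") else result_hex)
    if len(data) < 64:
        return None
    offset = int.from_bytes(data[:32], "big")
    if offset + 32 > len(data):
        return None
    length = int.from_bytes(data[offset:offset + 32], "big")
    body = data[offset + 32:offset + 32 + length]
    if len(body) != length:
        return None
    try:
        return body.decode("utf-8")
    except UnicodeDecodeError:
        return None


def inspect_eth_call(request: dict, response: dict) -> dict:
    """Return a triage verdict for one eth_call request/response pair."""
    verdict = {"contract": None, "allowlisted": False, "script_like": False, "reasons": []}
    if request.get("method") != "eth_call":
        return verdict
    params = request.get("params") or [{}]
    contract = (params[0].get("to") or "").lower()
    verdict["contract"] = contract
    verdict["allowlisted"] = contract in KNOWN_CONTRACTS
    if not verdict["allowlisted"]:
        verdict["reasons"].append("eth_call to contract outside allowlist")
    decoded = abi_decode_string(response.get("result", "0x"))
    if decoded and SCRIPT_MARKERS.search(decoded):
        verdict["script_like"] = True
        verdict["reasons"].append("ABI-decoded result contains script markers")
    return verdict


def triage_log(lines: list) -> list:
    """Pair request/response records by JSON-RPC id and return the suspicious verdicts."""
    pending = {}
    findings = []
    for line in lines:
        rec = json.loads(line)
        if "method" in rec:
            pending[rec["id"]] = rec
        elif rec.get("id") in pending:
            verdict = inspect_eth_call(pending.pop(rec["id"]), rec)
            if verdict["script_like"] and not verdict["allowlisted"]:
                findings.append(verdict)
    return findings


# Constructed sample log: one benign read of the allowlisted vault returning a uint256,
# then a read of an unknown contract whose `string` return is a script stub.
SAMPLE_LOG = [
    json.dumps({"jsonrpc": "2.0", "id": 1, "method": "eth_call", "params": [
        {"to": "0x1111111111111111111111111111111111111111", "data": "0x12345678"}, "latest"]}),
    json.dumps({"jsonrpc": "2.0", "id": 1, "result": "0x" + (1000).to_bytes(32, "big").hex()}),
    json.dumps({"jsonrpc": "2.0", "id": 2, "method": "eth_call", "params": [
        {"to": "0x2222222222222222222222222222222222222222", "data": "0x12345678"}, "latest"]}),
    json.dumps({"jsonrpc": "2.0", "id": 2,
                "result": abi_encode_string('<script>console.log("constructed sample")</script>')}),
]

if __name__ == "__main__":
    for finding in triage_log(SAMPLE_LOG):
        print("ALERT", finding["contract"], "; ".join(finding["reasons"]))
```

The allowlist is the part that does the real work: developer workstations and build hosts rarely have a legitimate reason to read arbitrary contracts, so an eth_call to an unfamiliar address is worth a look even before the payload decodes, and an ABI string that carries script markers is a strong signal on its own.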
The economic motivation behind the innovation is explicit in the same reporting. Google and Mandiant highlighted an estimated $2.02 billion stolen by DPRK-linked actors in 2025, a 51% year-over-year increase, underscoring why the threat actors keep iterating on stealth and scale. When AI-assisted social engineering is paired with blockchain-based concealment, attack timelines compress and asymmetric risk rises for custody providers, token issuers, and engineering teams.
For defenders, the practical takeaway is less about one “silver bullet” control and more about tightening the full operating model around privileged access. Teams should treat developer-facing channels as high-risk entry points, segregate development environments, harden signing-key practices, enforce multi-factor controls on treasury interfaces, and adopt detection that goes beyond static signatures to account for on-chain payload delivery. In a market where adversaries can now use public smart contracts as part of their toolkit, assuming “traditional infrastructure only” is no longer a safe baseline.
