Links
The North Korean group UNC1069 has intensified its focus on financial institutions, employing advanced AI tools for social engineering attacks. They utilize new malware to exploit vulnerabilities and steal sensitive data from victims, including credentials and browser information.
UNC1069, a North Korean threat group, has been using social engineering tactics and AI tools to infiltrate cryptocurrency companies. Their recent attack involved a compromised Telegram account, a fake Zoom meeting with a deepfake video, and multiple malware families to harvest sensitive data. The operation highlights a significant evolution in their methods since 2018.
A malicious update in the npm package postmark-mcp introduced a backdoor that silently exfiltrates emails from users to an external server, highlighting severe vulnerabilities in the trust model of MCP servers used by AI assistants. With over 1,500 weekly downloads, developers unknowingly handed over complete email control to a compromised tool, raising alarms about the security of tools integrated into enterprise workflows. Immediate action is required to remove the malicious package and audit other MCP servers for similar risks.