Microsoft released a new advisory last Tuesday detailing how threat actors have been targeting companies in the cryptocurrency industry for financial gain. Microsoft stated that over the past few months it had observed several forms of attack against this industry, such as fraud, fake applications, info stealers, and vulnerability exploitation. One of the threat actors Microsoft identified as operating the campaigns is DEV-0139. The group uses Telegram groups to facilitate communication between VIP clients and cryptocurrency exchange firms.
The threat actors behind DEV-0139 posed as representatives of another cryptocurrency investment company to trick the recipient into believing the messages were legitimate. Microsoft stated that the threat actor had knowledge of the industry, signifying a level of sophistication and showing that the group was well prepared for the attack. Microsoft identified an Excel file weaponized by the hackers; it contained tables about fee structures designed to increase their credibility.
Read More: Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks