Microsoft Alerts Cryptocurrency Funds of Attacks Perpetrated by the Lazarus Group

The security unit of Microsoft has warned of a threat actor targeting cryptocurrency investment startups via Telegram groups.

Microsoft logo with woman shouting skull and boards used to seal windows

The security unit of Microsoft has warned of a threat actor targeting cryptocurrency investment startups via Telegram groups used to communicate with their VIP customers.

Microsoft Identifies Threat Actors Targeting Investment Firms

In a December 6th blog post, Microsoft stated that it had identified a threat group – DEV-0139 – which posed as a cryptocurrency investment company to infiltrate the Telegram group of crypto firms. 


According to Microsoft, members of DEV-0139, who have extensive knowledge of crypto platforms would join these groups pretending to discuss trading fees with VIP clients of major exchanges. 

An Elaborate Plan from the Lazarus Group

Microsoft notes that DEV-0139 is the same actor that cybersecurity firm Volexity linked to North Korea’s state-sponsored Lazarus Group. They send Excel documents to their targets containing accurate information about the trading fees and services offered.

Microsoft explains that the plans from the Lazarus Group are increasingly becoming complex, and the “threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”

According to Microsoft, the Excel files are weaponized with “well-crafted” malware to infect systems that it then remotely accessed. With remote access, they steal the crypto and information of investment firms and crypto users.

On the Flipside

  • Volexity reported that the Lazarus Group has also developed new and improved versions of its cryptocurrency-stealing malware AppleJeus.

Why You Should Care

The Lazarus Group is a North Korean hacking group sanctioned by the U.S. government. They allegedly steal crypto to sponsor the country’s nuclear weapons program.

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Milko Trajcevski

Milko Trajcevski is a DailyCoin news reporter, mainly focused on Ethereum (ETH), Cardano (ADA), and their founders (Vitalik Buterin and Charles Hoskinson). Milko is an avid follower of crypto and blockchain technology and has written thousands of articles on the subjects. He finds joy in transforming complex issues into written content that anyone can understand. Milko has used and analyzed numerous exchanges, such as Coinbase, FTX, and Binance. He also closely follows all of the latest news around the largest decentralized exchanges (DEXs). Location: Skopje, Macedonia