The security unit of Microsoft has warned of a threat actor targeting cryptocurrency investment startups via Telegram groups used to communicate with their VIP customers.
Microsoft Identifies Threat Actors Targeting Investment Firms
In a December 6th blog post, Microsoft stated that it had identified a threat group – DEV-0139 – which posed as a cryptocurrency investment company to infiltrate the Telegram group of crypto firms.
According to Microsoft, members of DEV-0139, who have extensive knowledge of crypto platforms would join these groups pretending to discuss trading fees with VIP clients of major exchanges.
An Elaborate Plan from the Lazarus Group
Microsoft notes that DEV-0139 is the same actor that cybersecurity firm Volexity linked to North Korea’s state-sponsored Lazarus Group. They send Excel documents to their targets containing accurate information about the trading fees and services offered.
Microsoft explains that the plans from the Lazarus Group are increasingly becoming complex, and the “threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”
According to Microsoft, the Excel files are weaponized with “well-crafted” malware to infect systems that it then remotely accessed. With remote access, they steal the crypto and information of investment firms and crypto users.
On the Flipside
- Volexity reported that the Lazarus Group has also developed new and improved versions of its cryptocurrency-stealing malware AppleJeus.
Why You Should Care
The Lazarus Group is a North Korean hacking group sanctioned by the U.S. government. They allegedly steal crypto to sponsor the country’s nuclear weapons program.
Read about the most famous attack from the Lazarus Group below: