
An Attacker Is Using Telegram Chats to Target Rich Crypto Funds


According to a report published last week by Microsoft's Security Intelligence team, the attacker known as DEV-0139 is using Telegram group conversations to target wealthy cryptocurrency funds in current crypto-focused attacks.

Crypto Attacks

Mutual funds and wealthy traders largely struggle with the transaction fees imposed by cryptocurrency exchanges. Because the fees are costly, they need to be optimized to reduce their negative impact on margins and earnings. As with many other businesses in this industry, these fees make up the majority of expenses. The attacker, or gang of attackers, exploited this particular problem to manipulate crypto fund targets.

DEV-0139 joined several Telegram groups popular with high-profile users and exchanges and chose its targets from among the members. According to the Microsoft report, exchanges such as OKX, Huobi, and Binance were the target of this attack.

What Did DEV-0139 Do?

DEV-0139 posed as an exchange employee, invited the target to a different chat group, and pretended to ask for opinions on the cost structures used by exchanges. After gaining the target's trust, he drew the victims into a conversation in which he gradually manipulated them, drawing on industry knowledge and preparation.

DEV-0139 then sent a weaponized Excel file containing precise information about the fee structures of various bitcoin exchange companies, in an attempt to boost his credibility. Opening the Excel file triggered a chain of actions, including retrieving data with a malicious program and dropping a second Excel sheet. Running hidden from the user, this second sheet was then used to download an image file containing three executable files: a legitimate Windows file, a malicious DLL file and an XOR-encoded backdoor.

The threat actor then used the backdoor to gain remote access to the compromised system. Microsoft also said that DEV-0139 may have used similar strategies before.
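For defenders triaging downloads, the following added example (not from the article or from Microsoft's report) scans a file that claims to be an image for embedded Windows executables, either plain or XOR-encoded. It assumes a single-byte XOR key and a standard PE header at the start of each embedded blob; the article does not state the key length, and the sample bytes are constructed header-only stubs.

```python
import struct

MAX_LFANEW = 0x1000  # assumed sane upper bound for the offset of the PE signature


def _xor(buf: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in buf)


def find_embedded_pe(data: bytes):
    """Return sorted (offset, xor_key) pairs where a PE header decodes.

    Key 0 means the executable is stored unencoded. Only single-byte XOR
    keys are tried (an assumption, see lead-in).
    """
    hits = []
    for key in range(256):
        magic = _xor(b"MZ", key)            # what "MZ" looks like under this key
        pos = data.find(magic)
        while pos != -1:
            field = data[pos + 0x3C: pos + 0x40]   # e_lfanew in the DOS header
            if len(field) == 4:
                e_lfanew = struct.unpack("<I", _xor(field, key))[0]
                sig_at = pos + e_lfanew
                if (0x40 <= e_lfanew <= MAX_LFANEW
                        and _xor(data[sig_at:sig_at + 4], key) == b"PE\x00\x00"):
                    hits.append((pos, key))
            pos = data.find(magic, pos + 1)
    return sorted(hits)


def _stub_pe() -> bytes:
    # Constructed header-only stub: DOS header with e_lfanew=0x40, then "PE\0\0".
    dos = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\x00\x00" + b"\x00" * 20


def build_sample():
    """Constructed test input: image-like bytes, a plain stub, a stub XORed with 0x5A."""
    image = b"\x89PNG\r\n\x1a\n" + b"\x11" * 32 + b"IEND\xaeB`\x82"
    plain = _stub_pe()
    encoded = _xor(_stub_pe(), 0x5A)
    return image + plain + encoded, len(image), len(image) + len(plain)


if __name__ == "__main__":
    sample, _, _ = build_sample()
    for offset, key in find_embedded_pe(sample):
        label = "plain" if key == 0 else f"XOR key 0x{key:02x}"
        print(f"PE header at offset {offset} ({label})")
```

Checking the `e_lfanew` pointer and the `PE\0\0` signature, not just the two-byte `MZ` magic, keeps false positives low when every key is tried against arbitrary image data.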

References

www.coindesk.com

Written by
lectertodd

Lectertodd is 25 years old. She graduated from Çankaya University, Department of Psychology, in 2021. She actively works as a writer, translator, and editor for various websites. Moreover, she loves reading, researching, and learning new things.
