Threat actors have been targeting companies in the cryptocurrency industry in recent months, aiming to profit financially through various means such as fraud, vulnerability exploitation, fake applications, and deploying information stealers. Microsoft recently released an advisory detailing these attacks and warning businesses in this sector to remain vigilant.
The attacks have become more sophisticated, with threat actors like DEV-0139 going to great lengths to gain their target’s trust before deploying malicious payloads. In one instance, DEV-0139 posed as representatives from a cryptocurrency investment company, engaging with VIP clients and cryptocurrency exchange firms through Telegram groups. By pretending to seek feedback on fee structures used by exchange platforms, the threat actor was able to establish contact with potential victims.
Once trust was established, DEV-0139 sent a weaponized Excel file whose tables compared fee structures across cryptocurrency exchanges. The figures looked accurate, which lent the document credibility, but once the victim opened it and allowed its embedded macro to run, the file infected the machine, established persistence, and installed a backdoor for remote access. Further investigation found that similar attacks, using comparable techniques and delivery methods, may be the work of the same threat actor.
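A first-line triage check for lures of this kind, written for this page as an added example (it is not code from Microsoft's advisory or from the article): it inspects a received workbook for an embedded VBA project in either container format Excel uses, the legacy OLE2 `.xls` and the OOXML zip `.xlsx`/`.xlsm`. It assumes the weaponized workbook carries a macro, which is the usual mechanism for such lures but is not stated in the text above. The sample files and their names are constructed placeholders, not real documents, and the check is a heuristic gate rather than a full parser: a clean verdict only means no obvious macro storage was found.

```python
"""Triage check: does a workbook received over chat carry a VBA macro?

Added example, not from the advisory or the article. Assumes the lure is a
macro-bearing workbook; all sample inputs below are constructed placeholders.
"""
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # compound file header
ZIP_MAGIC = b"PK\x03\x04"                          # first local file header

# Storage names that exist only when a VBA project is embedded. OLE directory
# entry names are stored as UTF-16LE, so the patterns are encoded that way.
OLE_VBA_STORAGES = [name.encode("utf-16-le") for name in ("_VBA_PROJECT_CUR", "Macros")]
OOXML_VBA_CONTENT_TYPE = b"application/vnd.ms-office.vbaProject"


def classify_office_file(data: bytes) -> dict:
    """Return container type, macro verdict and the evidence behind it.

    The decision is made on content, so a macro-enabled workbook renamed to
    .xlsx is still caught.
    """
    evidence = []
    if data.startswith(OLE_MAGIC):
        container = "ole2"
        for marker in OLE_VBA_STORAGES:
            if marker in data:
                evidence.append("OLE storage " + marker.decode("utf-16-le"))
    elif data.startswith(ZIP_MAGIC):
        container = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
                for n in names:
                    if n.lower().endswith("vbaproject.bin"):
                        evidence.append("zip entry " + n)
                if "[Content_Types].xml" in names and \
                        OOXML_VBA_CONTENT_TYPE in z.read("[Content_Types].xml"):
                    evidence.append("content type vbaProject")
        except zipfile.BadZipFile:
            container = "corrupt-zip"
    else:
        container = "unknown"
    return {"container": container, "has_macros": bool(evidence), "evidence": evidence}


def build_constructed_samples() -> dict:
    """Constructed inputs for the demo; none is a real document."""
    samples = {}

    # Legacy .xls with a VBA project: header, padding, then a directory entry
    # name. Only the magic and the storage name matter to the check.
    samples["fee_comparison_macro.xls"] = (
        OLE_MAGIC + b"\x00" * 504 + "_VBA_PROJECT_CUR".encode("utf-16-le") + b"\x00" * 64
    )
    # Legacy .xls without macros: same layout, unrelated stream name.
    samples["fee_comparison_clean.xls"] = (
        OLE_MAGIC + b"\x00" * 504 + "Workbook".encode("utf-16-le") + b"\x00" * 64
    )

    # Macro-enabled OOXML workbook delivered under a misleading .xlsx name.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml",
                   '<Types><Override PartName="/xl/vbaProject.bin" '
                   'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
        z.writestr("xl/workbook.xml", "<workbook/>")
        z.writestr("xl/vbaProject.bin", b"placeholder bytes, not a real VBA project")
    samples["fee_comparison_renamed.xlsx"] = buf.getvalue()

    # Plain OOXML workbook with no macro parts.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("xl/workbook.xml", "<workbook/>")
    samples["fee_comparison_clean.xlsx"] = buf.getvalue()
    return samples


if __name__ == "__main__":
    for name, blob in build_constructed_samples().items():
        verdict = classify_office_file(blob)
        action = "QUARANTINE" if verdict["has_macros"] else "pass"
        print(f"{name:32} {verdict['container']:8} {action:10} {verdict['evidence']}")
```

Running the block prints a verdict per sample; the two macro-bearing samples are flagged regardless of extension, the two clean ones pass. In practice a gate like this sits in front of human review, not in place of it: the DEV-0139 lure was convincing precisely because its content was accurate, so the presence of a macro, not the plausibility of the spreadsheet, is the signal worth acting on.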
To help defenders respond, Microsoft's advisory includes a list of indicators of compromise (IoCs) and further security recommendations. The advisory follows a security incident at the decentralized finance platform Moola Market, in which up to $9 million in cryptocurrency was lost.
Businesses operating in the cryptocurrency industry must remain vigilant against these evolving threats and take proactive measures to protect their assets and data. By staying informed about the tactics used by threat actors and implementing robust security measures, companies can reduce their risk of falling victim to malicious attacks.