Skip to content

Microsoft Warns of Crypto Hackers Becoming More Creative

The multinational technology company discovered a threat actor with the alias DEV-0139, who penetrated Telegram groups by pretending to be an agent of a cryptocurrency platform.

Photo by Max Bender / Unsplash

According to Microsoft's findings, hostile actors are continuously improving their level of sophistication. A recent investigation suggests that chat groups on the platform Telegram are being exploited to target cryptocurrency financial firms.

The multinational technology company discovered a threat actor with the alias DEV-0139, who penetrated Telegram groups by pretending to be an agent of a cryptocurrency platform.

Attacks Directed Against Cryptographic Companies

The post (1) published by the Security Threat Intelligence team at Microsoft stated that the cyber attackers had a deep knowledge of the cryptocurrency investment industry and invited at least one target to another Telegram group while posing as delegates of other crypto asset management companies.

The primary objective is to win the target's confidence by getting them involved in a conversation about a topic that interests them.

How is This Hack Executed?

The perpetrators of the attack emailed them malicious Excel spreadsheets that contained information that had been carefully constructed to appear authentic. When the weaponized Excel file is opened, macros are activated, and a second worksheet that is embedded in the file will download & parse a PNG file to retrieve a malevolent DLL, an XOR-encoded malware, and a genuine Windows exe file that will later be utilized to sideload the DLL, that will decrypt & load the backdoor. This will, in essence, grant the threat actor unauthorized connection to the hacked system belonging to the target.

Although Microsoft was unable to collect the complete payload, the company did identify a different form of this assault and was able to retrieve the payload. The research conducted by the organization revealed the presence of further ads that utilize the same strategies to target cryptocurrency companies.

The conclusion of the report was:

"The cryptocurrency market remains a field of interest for threat actors. Targeted users are identified through trusted channels to increase the chance of success. While the biggest companies can be targeted, smaller companies can also be targets of interest.”

The Crypto Scammers Having a Merry Time

The cryptocurrency market continues to be a target of interest for threat actors, who have recently shifted their focus toward more complex assaults to improve their chances of success.

Per a recent study (2) carried out by Privacy Affairs, a company specializing in cybersecurity & data privacy, the value of the cryptocurrency that threat actors stole in the first 11 months of this year increased by 37% to reach $4.3 billion.

According to Privacy Affairs, the top five biggest cryptocurrency scams perpetrated in 2022 were the disaster of FTX, Axie Infinity's Ronin Network strike in March ($615 million), the Wormhole crypto bridge exploit in February ($320 million), and the JuicyFields.io scam in July ($273 million), amongst others.

A significant portion of the total was comprised of rug pulls; more than 188,000 of these transactions were recorded on various blockchains, notably BNB and Ethereum.

Latest