A blog post from Microsoft explains that hackers are actively targeting cryptocurrency investment companies via Telegram groups. A threat actor tracked as DEV-0139 has been identified joining Telegram groups used for communication between VIP clients and cryptocurrency platforms, and launching its cyberattacks against the members of those groups.
According to Microsoft’s investigation, the hacker impersonates cryptocurrency platforms to manipulate targets. In October 2022, the hacker invited targets to different Telegram groups and requested feedback on the fee structure used by cryptocurrency platforms. The hackers discussed the challenges faced by the cryptocurrency firms they impersonated in order to appear legitimate.
After the hacker had successfully won the trust of its targets, malware hidden in an Excel file was sent out. The Excel file contained tables of fee structures from different cryptocurrency exchange businesses. Microsoft explained that the hackers provided likely accurate data to build their credibility.
The malicious file was crafted to compromise the target’s machine and automatically install a backdoor that gives the hacker remote access. It was speculated that the threat actor could be responsible for other cyber espionage campaigns using the same techniques.
Furthermore, Microsoft discovered another malicious file during its investigation. “Through our telemetry, we discovered another file that uses the same dynamic link library (DLL) technique,” Microsoft explained. In that case, however, the threat actors hid the malware inside a Microsoft Installer (MSI) package instead of an Excel file.
Microsoft explained that with the expansion of the cryptocurrency market, both investors and threat actors have taken a keen interest in it. Cryptocurrency is also the usual payment method demanded after hackers successfully conduct ransomware attacks. In 2022, hackers expanded their pool of targets, focusing mainly on cryptocurrency organizations for large financial gains. Some of these targets are relatively new but manage millions of dollars.
According to Microsoft, hackers are leveraging all kinds of techniques to conduct cyber espionage against cryptocurrency organizations. This goes as far as a hacker impersonating a cryptocurrency organization and learning detailed information about that organization in order to gain the target’s trust.
One of the measures Microsoft recommends to keep such threats from spreading is educating end users about protecting personal and business information. This awareness training teaches end users to recognize and avoid malware that could arrive in the form of emails, text messages, or messages on social networks.
Microsoft also advised users to always make sure Microsoft Defender Antivirus is up to date. Additionally, users should adjust Excel macro security settings to control the circumstances in which macros are allowed to run.
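As an added example that is not part of the article or the Microsoft blog, the PowerShell snippet below audits the current Excel macro setting and applies the more restrictive policy values. The function names are my own, the registry paths assume Office 2016 or later (version key 16.0), and the script must run in the context of the user whose Excel settings are being hardened.

```powershell
# Added example (not from the Microsoft blog): audit and harden Excel macro settings.
# Assumption: Office 2016/2019/2021/365, whose registry version key is "16.0".
$officeVersion = '16.0'
$policyPath = "HKCU:\Software\Policies\Microsoft\Office\$officeVersion\Excel\Security"
$userPath   = "HKCU:\Software\Microsoft\Office\$officeVersion\Excel\Security"

# VBAWarnings values as shown in the Trust Center "Macro Settings" page.
$vbaMeaning = @{
    1 = 'Enable all macros (dangerous)'
    2 = 'Disable all macros with notification (Excel default when unset)'
    3 = 'Disable all macros except digitally signed macros'
    4 = 'Disable all macros without notification'
}

function Get-ExcelMacroSetting {
    # The policy key (set by Group Policy or this script) overrides the user's own choice.
    foreach ($path in $policyPath, $userPath) {
        $v = (Get-ItemProperty -Path $path -Name VBAWarnings -ErrorAction SilentlyContinue).VBAWarnings
        if ($null -ne $v) {
            return [pscustomobject]@{ Source = $path; VBAWarnings = $v; Meaning = $vbaMeaning[[int]$v] }
        }
    }
    # No value anywhere: Excel behaves as "disable with notification".
    [pscustomobject]@{ Source = 'not set'; VBAWarnings = $null; Meaning = $vbaMeaning[2] }
}

function Set-ExcelMacroPolicy {
    # Only the two restrictive settings are allowed here; 3 keeps signed macros working.
    param([ValidateSet(3, 4)][int]$VBAWarnings = 3)
    if (-not (Test-Path $policyPath)) { New-Item -Path $policyPath -Force | Out-Null }
    Set-ItemProperty -Path $policyPath -Name VBAWarnings -Value $VBAWarnings -Type DWord
    # Also block macros in files that carry the Mark of the Web (downloaded or received
    # through chat and e-mail clients), regardless of the setting above.
    Set-ItemProperty -Path $policyPath -Name BlockContentExecutionFromInternet -Value 1 -Type DWord
}

Write-Host 'Before:'; Get-ExcelMacroSetting
Set-ExcelMacroPolicy -VBAWarnings 3
Write-Host 'After:';  Get-ExcelMacroSetting
```

Deploying the same two values under HKLM or via Group Policy applies them to every user on the machine rather than only the current one.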