Increasing Threats Targeting Cryptocurrency Industry, Microsoft Reports
Recent reports from Microsoft highlight a growing trend of threat actors targeting companies within the cryptocurrency industry for financial gain. These attacks have taken various forms, including fraud, vulnerability exploitation, fake applications, and info stealer deployment.
Complex Attacks on the Rise
Microsoft’s latest advisory reveals that threat actors are becoming more sophisticated, with some even going to great lengths to gain their target’s trust before launching attacks. One such threat actor, known as DEV-0139, used Telegram groups to communicate with VIP clients and cryptocurrency exchange firms to identify potential targets.
Posing as representatives of a legitimate cryptocurrency investment company, DEV-0139 engaged targets in discussions about fee structures used by cryptocurrency exchange platforms. This level of knowledge and preparation indicates a high degree of sophistication on the part of the threat actor.
Weaponized Excel Files and Backdoor Access
After establishing contact with potential victims, DEV-0139 sent weaponized Excel files containing tables about fee structures among cryptocurrency exchange companies. The data in the document appeared accurate, which increased its credibility, but the files contained malware that infected the victim’s machine, achieved persistence, and installed a backdoor for remote access.
Further investigation by Microsoft uncovered additional files using similar techniques, suggesting that other related campaigns may be ongoing.
Protecting Against Attacks
Microsoft has provided a list of indicators of compromise (IoCs) and security considerations in its advisory to help companies defend against these types of attacks. It is crucial for organizations operating in the cryptocurrency industry to remain vigilant and implement robust security measures to protect against evolving threats.
Recent Security Incident at Moola Market
These new threats come on the heels of a security incident at decentralized finance (DeFi) platform Moola Market, where up to $9 million in cryptocurrency was lost. The incident serves as a stark reminder of the importance of cybersecurity in the cryptocurrency industry.