Microsoft Warns Cryptocurrency Firms Against Complex Cyber-Attacks
Threat actors have been observed targeting companies operating within the cryptocurrency industry for financial gain.
According to a new advisory published by Microsoft on Tuesday, attacks targeting this market have taken several forms over the past few months, including fraud, vulnerability exploitation, fake applications and info stealer deployment.
“We are also seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads,” the tech giant wrote.
One of the threat actors Microsoft observed operating against this industry is DEV-0139. The group joined Telegram groups that cryptocurrency exchange firms use to communicate with their VIP clients, and picked its target from among the members.
“The threat actor posed as representatives of another cryptocurrency investment company, and in October 2022, invited the target to a different chat group and pretended to ask for feedback on the fee structure used by cryptocurrency exchange platforms,” Microsoft explained.
“The threat actor had a broader knowledge of this specific part of the industry, indicating that they were well prepared and aware of the current challenge the targeted companies may have.”
After establishing the first contact with potential victims, DEV-0139 sent a weaponized Excel file that contained tables about fee structures among cryptocurrency exchange companies.
Microsoft suggested the data in the document was likely accurate, which would make the lure more credible. Once the file was opened, it infected the victim's machine, established persistence and installed a backdoor for subsequent remote access.
“Further investigation through our telemetry led to the discovery of another file that uses the same DLL [dynamic link library] proxying technique. But instead of a malicious Excel file, it is delivered in an MSI [Microsoft installer] package,” Microsoft wrote. “This may suggest other related campaigns are also run by the same threat actor, using the same techniques.” In DLL proxying, a malicious DLL carries the same export names as a legitimate library and forwards each call on to it, so the host application keeps working normally while the attacker's code runs inside its process.
To help defenders detect and block this type of attack, the advisory includes a list of indicators of compromise (IoCs) together with mitigation and hardening recommendations.
The information about the new threats comes weeks after decentralized finance (DeFi) platform Moola Market suffered a security incident leading to a loss of up to $9m in cryptocurrency.