Security News > 2022 > December > Microsoft: Hackers target cryptocurrency firms over Telegram
Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms' VIP customers.
"Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies," the company's Security Threat Intelligence team revealed.
"DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members."
On October 19, attackers with broad knowledge of the crypto investment industry invited at least one target to another Telegram group, where they asked for feedback on cryptocurrency exchange platforms' fee structure.
While Microsoft has not attributed this attack to a specific group and instead chose to link it to the DEV-0139 cluster of threat activity, threat intelligence firm Volexity has also published its own findings on this attack over the weekend, connecting it to the North Korean Lazarus threat group.
The Lazarus Group is a hacking group operating out of North Korea that has been active for over a decade, since at least 2009.
News URL
Related news
- Microsoft: Chinese hackers use Quad7 botnet to steal credentials (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- Cryptocurrency hackers stole $2.2 billion from platforms in 2024 (source)