Microsoft: Hackers target cryptocurrency firms over Telegram

Microsoft says that cryptocurrency investment companies have been targeted by a threat group it tracks as DEV-0139 via Telegram groups used to communicate with the firms' VIP customers.
"Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies," the company's Security Threat Intelligence team revealed.
"DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members."
On October 19, attackers with broad knowledge of the crypto investment industry invited at least one target to another Telegram group, where they asked for feedback on cryptocurrency exchange platforms' fee structure.
While Microsoft has not attributed this attack to a specific group and instead chose to link it to the DEV-0139 cluster of threat activity, threat intelligence firm Volexity has also published its own findings on this attack over the weekend, connecting it to the North Korean Lazarus threat group.
The Lazarus Group is a hacking group operating out of North Korea that has been active for over a decade, since at least 2009.