Microsoft Warns of Scammers Targeting Crypto Startups

Microsoft's security team has uncovered threat actors targeting crypto startups and says Telegram chat is being used to gain the access and trust of other firms.

Ransomware is a malicious program or malware that blocks access to files on a computer until a fee is paid to the perpetrator. Like any other virus, it can spread between computers, bringing down whole networks. Over the past 30 years, ransomware has transformed from a fringe internet novelty into a massive illegal business.

Crypto Playing a Part

Cryptocurrencies have played a big part in the rise of ransomware. The anonymity of cryptocurrencies like Bitcoin has made ransomware even more appealing to cybercriminals. As hackers move and exchange cryptocurrency through a maze of accounts and across countless borders, it can become virtually untraceable. It isn't easy to know exactly how much criminal activity relies on cryptocurrency.

Hackers might feel so secure in their anonymity that they set up customer care websites and portals to help victims send payments. They operate very much like legitimate businesses.

These attacks can come in various forms, including illicit actors directly engaging with an organization within an industry for financial gain. While most of these hacks go undetected, a small share does see the light, as is the case here.

Threat Actor DEV-0139

The Microsoft Security Threat Intelligence team highlighted one attack targeting cryptocurrency startups. In a report dated Dec. 6, the team looked into a threat actor named “DEV-0139.”

The actor posed as a representative of a different crypto investment company and gained access through Telegram chat. The actor even asked for feedback on the fee structure used by crypto exchange platforms. After gaining trust, the alleged actor sent a spreadsheet titled "OKX Binance & Huobi VIP fee comparison.xls." However, it contained malicious code that could remotely access the victim's system.

Zooming out, the entire attack, as compiled by Microsoft's security team, looked like this:

[Figure: Overview of the attack. Source: Microsoft]

Needless to say, the hacker had in-depth exposure to and knowledge of cryptocurrency companies, as is evident in the chart above. In addition, Microsoft also identified another similar attack with a "similar mechanism as 'logagent.exe' and delivering the same payload."
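As an added defender-side example that is not from the article or from Microsoft's report: a Python triage routine that walks the directory of a legacy OLE2 `.xls` container and flags an embedded VBA project, assuming (the article does not say so) that the spreadsheet's malicious code was a macro. The sample container is constructed inline, so the script runs offline; on a real file, read its bytes and pass them to `has_vba_project`.

```python
import struct

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file signature
ENDOFCHAIN = 0xFFFFFFFE
SECTOR_SHIFT_OFF, NUM_FAT_OFF, DIFAT_OFF = 30, 44, 76
# Storage/stream names that only exist when a VBA project is embedded
MACRO_NAMES = {"_VBA_PROJECT_CUR", "VBA", "Macros"}

def ole_entry_names(data):
    """Walk the directory chain of an OLE2 container and return every entry name."""
    if data[:8] != OLE_MAGIC:
        raise ValueError("not an OLE2 compound file")
    sector = 1 << struct.unpack_from("<H", data, SECTOR_SHIFT_OFF)[0]
    num_fat, first_dir = struct.unpack_from("<II", data, NUM_FAT_OFF)
    fat = []  # the first 109 FAT sector ids live in the header DIFAT
    for sid in struct.unpack_from("<109I", data, DIFAT_OFF)[:num_fat]:
        fat.extend(struct.unpack_from("<%dI" % (sector // 4), data, (sid + 1) * sector))
    names, sid, seen = [], first_dir, set()
    while sid != ENDOFCHAIN and sid not in seen:   # 'seen' guards against FAT loops
        seen.add(sid)
        base = (sid + 1) * sector
        for off in range(base, base + sector, 128):  # 128-byte directory entries
            name_len = struct.unpack_from("<H", data, off + 64)[0]  # byte length incl. NUL
            if name_len >= 2:
                names.append(data[off:off + name_len - 2].decode("utf-16-le"))
        sid = fat[sid]
    return names

def has_vba_project(data):
    """True when the container carries a VBA project (macro-enabled legacy .xls/.doc)."""
    return any(name in MACRO_NAMES for name in ole_entry_names(data))

def build_sample(with_macros):
    """Constructed test input: header + one FAT sector + one directory sector (512-byte sectors)."""
    sector = 512
    header = bytearray(sector)
    header[:8] = OLE_MAGIC
    struct.pack_into("<H", header, SECTOR_SHIFT_OFF, 9)        # 2**9 = 512-byte sectors
    struct.pack_into("<II", header, NUM_FAT_OFF, 1, 1)         # 1 FAT sector; directory at sector 1
    struct.pack_into("<109I", header, DIFAT_OFF, 0, *([0xFFFFFFFF] * 108))  # FAT is sector 0
    fat = bytearray(b"\xff" * sector)
    struct.pack_into("<II", fat, 0, 0xFFFFFFFD, ENDOFCHAIN)     # sector 0 = FAT, sector 1 = last dir
    names = ["Root Entry", "Workbook"] + (["_VBA_PROJECT_CUR", "VBA"] if with_macros else [])
    directory = bytearray(sector)
    for i, name in enumerate(names):
        raw = name.encode("utf-16-le") + b"\x00\x00"
        directory[i * 128:i * 128 + len(raw)] = raw
        struct.pack_into("<H", directory, i * 128 + 64, len(raw))
    return bytes(header + fat + directory)

if __name__ == "__main__":
    for flag in (False, True):
        print("macros" if has_vba_project(build_sample(flag)) else "no macros")
```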

The infamous North Korean group Lazarus has been one of the leading names using ransomware attacks to its advantage.

Overall, given the rise of cryptocurrency and the large sums of money flowing in, companies and individuals need to remain cautious about such risks.

Source: https://beincrypto.com/microsoft-warns-scammers-target-crypto-startups-weaponized-excel-files/