Updated on 2022-12-07: DEV-0139
Microsoft’s security team says they spotted a new threat actor they are calling DEV-0139 that has spent the past months targeting cryptocurrency organizations. The group stands out among other threat actors targeting the cryptocurrency space because they operate by impersonating representatives of known cryptocurrency platforms in order to join select and private Telegram channels dedicated to VIP clients and cryptocurrency exchanges. Once inside, Microsoft says that DEV-0139 enters conversations that seek to infect their targets with backdoor malware, typically installed via malicious Office documents. Read more: DEV-0139 launches targeted attacks against the cryptocurrency industry
Overview
Microsoft warned against the DEV-0139 threat group targeting cryptocurrency investment firms via Telegram groups used to communicate with the companies’ VIP clients. Read more: DEV-0139 launches targeted attacks against the cryptocurrency industry