DEV-0139 launches targeted attacks against the cryptocurrency industry
Over the past several years, the cryptocurrency market has expanded considerably, drawing the interest of investors and threat actors alike. Cybercriminals have long used cryptocurrency in their operations, most visibly for ransom payment in ransomware attacks, but we have also observed threat actors directly targeting organizations within the cryptocurrency industry for financial gain. Attacks on this market have taken many forms, including fraud, vulnerability exploitation, fake applications, and the use of info stealers, as attackers attempt to get their hands on cryptocurrency funds.
We are also seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads. For example, Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies. DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their …
IoC
198.54.115.248
8400f2674892cdfff27b0dfe98a2a77673ce5e76b06438ac6110f0d768459942
a2d3c41e6812044573a939a51a22d659ec32aea00c26c1a2fdf7466f5c7e1ee9
abca3253c003af67113f83df2242a7078d5224870b619489015e4fde060acad0
d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73
e5980e18319027f0c28cd2f581e75e755a0dace72f10748852ba5f63a0c99487
http://strainservice.com
https://od.lk/d/d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73/Background.png
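As an added example (not part of the Microsoft write-up and not DEV-0139 tooling), the following Python script indexes the indicators listed above by type and runs them over a handful of constructed log lines. Two design points a practitioner would want: the od.lk entry is matched as a full URL rather than by host, because od.lk is a generic file-hosting service and the page lists only one specific path on it, while the bare strainservice.com entry is matched as a domain suffix so subdomains are also caught; and SHA-256 values are compared case-insensitively, including where one appears inside a URL path. The log lines, the 10.x client addresses and the helper names (`build_index`, `scan_line`, `scan`, `domain_hit`) are constructed for this example.

```python
"""IoC matcher: index the indicators from the write-up and run them over log lines."""
import re
from urllib.parse import urlparse

# Indicators exactly as listed in the IoC section above.
PAGE_IOCS = [
    "198.54.115.248",
    "8400f2674892cdfff27b0dfe98a2a77673ce5e76b06438ac6110f0d768459942",
    "a2d3c41e6812044573a939a51a22d659ec32aea00c26c1a2fdf7466f5c7e1ee9",
    "abca3253c003af67113f83df2242a7078d5224870b619489015e4fde060acad0",
    "d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73",
    "e5980e18319027f0c28cd2f581e75e755a0dace72f10748852ba5f63a0c99487",
    "http://strainservice.com",
    "https://od.lk/d/d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73/Background.png",
]

SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b", re.I)
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)


def normalize_url(url):
    """Lower-case scheme and host, keep path and query as-is (paths are case-sensitive)."""
    u = urlparse(url)
    host = (u.hostname or "").lower()
    path = u.path or "/"
    return f"{u.scheme.lower()}://{host}{path}" + (f"?{u.query}" if u.query else "")


def build_index(iocs):
    """Sort raw indicator strings into typed sets: ip, sha256, domain, url."""
    idx = {"ip": set(), "sha256": set(), "domain": set(), "url": set()}
    for raw in iocs:
        v = raw.strip()
        if SHA256_RE.fullmatch(v):
            idx["sha256"].add(v.lower())
        elif IPV4_RE.fullmatch(v):
            idx["ip"].add(v)
        elif v.lower().startswith(("http://", "https://")):
            u = urlparse(v)
            # A scheme plus bare host (no path/query) is a domain indicator, not a URL.
            if u.path in ("", "/") and not u.query:
                idx["domain"].add((u.hostname or "").lower())
            else:
                idx["url"].add(normalize_url(v))
        else:
            idx["domain"].add(v.lower())
    return idx


def domain_hit(host, domains):
    """Return the indexed domain that `host` equals or is a subdomain of, else None."""
    labels = host.lower().split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def scan_line(line, idx):
    """Return a sorted list of (kind, value) indicator matches found in one log line."""
    hits = set()
    for h in SHA256_RE.findall(line):
        if h.lower() in idx["sha256"]:
            hits.add(("sha256", h.lower()))
    for ip in IPV4_RE.findall(line):
        if ip in idx["ip"]:
            hits.add(("ip", ip))
    for raw in URL_RE.findall(line):
        url = normalize_url(raw.rstrip(".,;)"))  # drop trailing sentence punctuation
        if url in idx["url"]:
            hits.add(("url", url))
    for host in HOST_RE.findall(line):
        d = domain_hit(host, idx["domain"])
        if d:
            hits.add(("domain", d))
    return sorted(hits)


def scan(lines, idx):
    """Scan many lines; returns (line_number, kind, value) triples."""
    return [(n, kind, value) for n, line in enumerate(lines)
            for kind, value in scan_line(line, idx)]


IDX = build_index(PAGE_IOCS)

# Constructed sample log lines (DNS, proxy, firewall, EDR); not real telemetry.
SAMPLE_LOGS = [
    "2022-12-01T10:14:03Z dns query client=10.0.0.15 qname=strainservice.com type=A",
    "2022-12-01T10:14:05Z proxy client=10.0.0.15 method=GET url=https://od.lk/d/d021d412be456a6f78a0052a1f0e3557dcfa14bf25f9d0f1d0d2d7dcdac86c73/Background.png status=200",
    "2022-12-01T10:15:40Z fw allow src=10.0.0.15 dst=198.54.115.248 dport=443",
    "2022-12-01T10:16:01Z edr file_create path=C:\\Users\\vip\\Downloads\\Background.png sha256=D021D412BE456A6F78A0052A1F0E3557DCFA14BF25F9D0F1D0D2D7DCDAC86C73",
    # Benign traffic that must NOT match: another od.lk object and a near-miss IP.
    "2022-12-01T10:20:00Z proxy client=10.0.0.22 method=GET url=https://od.lk/d/0000000000000000000000000000000000000000000000000000000000000000/other.png status=200",
    "2022-12-01T10:21:00Z fw allow src=10.0.0.22 dst=198.54.115.24 dport=443",
]

if __name__ == "__main__":
    for n, kind, value in scan(SAMPLE_LOGS, IDX):
        print(f"line {n}: {kind} {value}")
```

Lines 0 to 3 each produce a hit (the proxy line produces two, because the listed URL also carries the d021… file hash in its path); the two benign lines produce none, which is the point of matching the full od.lk URL and exact IP rather than a host or prefix.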