Microsoft Warns of an Attack Targeting Crypto Startups
- Microsoft has announced that it has detected an attack that is specifically targeting crypto startups and identified the threat as DEV-013.
- The threat actor successfully entered Telegram chat groups related to crypto startups and chose their targets from among the members.
- DEV-013 “had a broader knowledge of this specific part of the industry, indicating that they were well prepared,” said the tech giant.
- They wanted their victims to download a malicious Excel file “with the name OKX Binance & Huobi VIP fee comparision.xls.”
Microsoft, the American multinational technology corporation, has announced that it has detected an attack that is specifically targeting crypto startups. The threat actor has been identified as DEV-013 and has successfully entered chat groups on the popular social messaging application Telegram.
According to a blog post from the security team of Microsoft, they have witnessed “more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”
The post added that after entering the Telegram chats of crypto startups, which are used to “facilitate communication between VIP clients and cryptocurrency exchange platforms,” DEV-013 identified their target from among the members.
“The threat actor posed as representatives of another cryptocurrency investment company, and in October 2022 invited the target to a different chat group and pretended to ask for feedback on the fee structure used by cryptocurrency exchange platforms,” said Microsoft in the blog post.
It was further revealed in the blog post that DEV-013 “had a broader knowledge of this specific part of the industry, indicating that they were well prepared and aware of the current challenge the targeted companies may have.”
Additionally, once the malicious actor had gained the trust of their targets, who were identified via Telegram groups, they created a malicious Excel file “with the name OKX Binance & Huobi VIP fee comparision.xls.” Microsoft stated that this file contained several tables about fee structures among crypto exchanges, and that the data was slightly accurate to increase the credibility of DEV-013.
The actor wanted their target to download this file and open it on their system. The file contained a malicious macro that was capable of executing another Excel sheet in invisible mode, which gave the attacker remote access to the victims’ systems.
Microsoft stated that the actor knew much about the crypto space and the specific challenges that it faces. This is because they created fake profiles and asked their victims questions regarding the fees charged by crypto exchanges.
“Like many other companies in this industry, the largest costs come from fees charged by exchanges. This is a very specific topic that demonstrates how the threat actor was advanced and well prepared before contacting their target,” said the security team of the tech giant.
Microsoft noted that the usage of cryptocurrencies for illicit purposes, as well as crypto-related cyber attacks, has increased since the 2021 market bull run. In light of this statement, it is worth noting that the month of October was one of the worst periods for the crypto space in terms of attacks on decentralized service providers.
Recently, Moola Market, a decentralized finance (DeFi) lending platform based on the Celo blockchain, was exploited, and prior to this incident, cross-chain messaging protocol Nomad faced a serious security exploit as well.
Furthermore, BitKeep Wallet, a digital asset wallet in Asia, was also exploited, and decentralized financial payment network ShadowFi faced a cyber attack.