Microsoft warns of an attack targeting crypto startups
- Microsoft announced that it has detected an attack aimed specifically at crypto startups and identified the threat as DEV-013.
- The threat actor successfully joined chat groups on the Telegram messaging app that are related to crypto startups and picked its targets there.
- DEV-013 “had a broader knowledge of this specific part of the industry, indicating that they were well prepared,” said the tech giant.
- They wanted their victims to download a malicious Excel file “with the name OKX Binance & Huobi VIP fee comparision.xls.”
Microsoft, the American multinational technology company that produces computer software, announced that it has detected an attack specifically targeting crypto startups. The threat actor was identified as DEV-013 and successfully joined chat groups on the popular messaging app Telegram.
According to a blog post from the security team of Microsoft, they have witnessed “more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”
The post added that after entering the Telegram chats of crypto startups, which are used to “facilitate communication between VIP clients and cryptocurrency exchange platforms,” DEV-013 identified their target from among the members.
“The threat actor posed as representatives of another cryptocurrency investment company, and in October 2022 invited the target to a different chat group and pretended to ask for feedback on the fee structure used by cryptocurrency exchange platforms,” said Microsoft in the blog post.
It was further revealed in the blog post that DEV-013 “had a broader knowledge of this specific part of the industry, indicating that they were well prepared and aware of the current challenge the targeted companies may have.”
Additionally, once the malicious actor had gained the trust of their target, who was identified via Telegram groups, they created a malicious Excel file “with the name OKX Binance & Huobi VIP fee comparision.xls.” This file contained several tables about fee structures among crypto exchanges, Microsoft stated, and the data was slightly accurate to increase the credibility of DEV-013.
The actor wanted their target to download this file and open it on their system, but the file contained a malicious macro capable of executing another Excel sheet in invisible mode. This gave the attacker remote access to the victims’ systems.
Microsoft stated that the actor knew a great deal about the crypto space and the specific challenges it faces. This is because they created fake profiles and asked victims questions about the fees charged by cryptocurrency exchanges.
“Like many other companies in this industry, the largest costs come from fees charged by exchanges. This is a very specific topic that demonstrates how the threat actor was advanced and well prepared before contacting their target,” said the security team of the tech giant.
Microsoft noted that the use of cryptocurrencies for illicit purposes, as well as cryptocurrency-related cyberattacks, has increased since the 2021 market rally. In light of this statement, it is crucial to note that October was one of the worst periods for the crypto space in terms of attacks on decentralized service providers.
Recently, Moola Market, the decentralized finance (DeFi) lending platform based on the Celo blockchain, was exploited, and before that incident the cross-chain messaging protocol Nomad also suffered a serious security failure.
In addition, the Asia-based digital asset wallet BitKeep Wallet was also exploited, along with the decentralized financial payment network ShadowFi, which faced a cyberattack.