Microsoft Alerts Cryptocurrency Funds of Attacks Perpetrated by the Lazarus Group

Microsoft Alerts Cryptocurrency Funds of Attacks Perpetrated by the Lazarus Group

The security unit of Microsoft has warned of a threat actor targeting cryptocurrency investment startups via Telegram groups used to communicate with their VIP customers.

Microsoft Identifies Threat Actors Targeting Investment Firms

In a December 6th blog post, Microsoft stated that it had identified a threat group – DEV-0139 – which posed as a cryptocurrency investment company to infiltrate the Telegram group of crypto firms. 

According to Microsoft, members of DEV-0139, who have extensive knowledge of crypto platforms would join these groups pretending to discuss trading fees with VIP clients of major exchanges. 

An Elaborate Plan from the Lazarus Group

Microsoft notes that DEV-0139 is the same actor that cybersecurity firm Volexity linked to North Korea’s state-sponsored Lazarus Group. They send Excel documents to their targets containing accurate information about the trading fees and services offered.

Microsoft explains that the plans from the Lazarus Group are increasingly becoming complex, and the “threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads.”

According to Microsoft, the Excel files are weaponized with “well-crafted” malware to infect systems that it then remotely accessed. With remote access, they steal the crypto and information of investment firms and crypto users.

On the Flipside

  • Volexity reported that the Lazarus Group has also developed new and improved versions of its cryptocurrency-stealing malware AppleJeus.

Why You Should Care

The Lazarus Group is a North Korean hacking group sanctioned by the U.S. government. They allegedly steal crypto to sponsor the country’s nuclear weapons program.

Back to Top
Close Zoom
Don't push your luck