Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims.
Microsoft’s Security Threat Intelligence Centre (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea’s Lazarus Group.
“DEV-0139 joined Telegram groups used to facilitate communication between VIP clients and cryptocurrency exchange platforms and identified their target from among the members,” the tech giant said.
The adversary subsequently impersonated another cryptocurrency investment company and invited the victim to join a different Telegram chat group under the pretext of asking for feedback on the trading fee structure used by exchange platforms across VIP tiers.
It’s worth pointing out that the VIP program is designed to reward high-volume traders with exclusive trading fee incentives and discounts based on the activity in the past 30 days.
images from Hacker News