Researchers at Division Seven, SafeGuard Inc.’s threat intelligence team, today detailed how customers at a cryptocurrency firm they work with were targeted by a threat actor using a social engineering attack with a twist: the hackers were pretending to be a well-known employee.
The investigation was launched following a report by Microsoft Security in December into targeted attacks against the cryptocurrency industry. Microsoft Corp. researchers said a threat actor, tracked as DEV-0139, was joining Telegram groups where they targeted cryptocurrency investment companies.
DEV-0139 was found to be using Telegram groups that facilitate conversations between VIP clients and cryptocurrency exchange platforms to identify potential targets among their members. In Microsoft’s report, the threat actor posed as a representative of another cryptocurrency investment company, invited targets to a different chat group and pretended to ask for feedback on the fee structure used by the cryptocurrency exchange platforms. The knowledge gained was then used to send a malicious Excel file that contained tables about fee structures among cryptocurrency exchange companies.
What the Division Seven researchers discovered was slightly more involved, with the threat actor impersonating a trusted individual to carry out the social engineering attack more efficiently.
Using SafeGuard Cyber’s lookback capabilities and detection engine, the researchers located and confirmed an instance when traders were targeted by someone impersonating a known employee from the company’s organization to deliver the payload.
In one example, the threat actor attempted the impersonation by using the legitimate user’s initials. The impersonation was detected, however, and the account was recorded and flagged as a different unique author.
The researchers believe that DEV-0139’s use of detailed trust building was likely an adaptation of a less successful, albeit easier, impersonation attack.
“The result of this analysis is a compliance customer has enabled deeper security detections for monitored Telegram users,” the research concluded. “This move is part of a larger trend we have observed over the course of 2022, a greater convergence of security and compliance in financial services to address overall business communication risks.”