top of page
Search
Writer's pictureStormsec

DEV-0139 launches targeted attacks against the cryptocurrency industry

Microsoft Security Threat Intelligence is seeing more complex attacks wherein the threat actor shows great knowledge and preparation, taking steps to gain their target’s trust before deploying payloads. For example, Microsoft recently investigated an attack where the threat actor, tracked as DEV-0139, took advantage of Telegram chat groups to target cryptocurrency investment companies.




ADVERSARY: DEV-0139


MALWARE FAMILY: Wolfic


ATT&CK IDS: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1041 - Exfiltration Over C2 Channel, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1106 - Native API, T1132 - Data Encoding, T1204 - User Execution, T1566 - Phishing, T1574 - Hijack Execution Flow, T1583 - Acquire Infrastructure, T1591 - Gather Victim Org Information, T1593 - Search Open Websites/Domains


Read More:

2 views

Comments


Commenting has been turned off.
bottom of page