"Hackers Target Cryptocurrency Customers by Impersonating Well-Known Employee"

Researchers from Division Seven, SafeGuard's threat intelligence division, have detailed how a threat actor targeted clients of a cryptocurrency company they partner with using a social engineering approach with a twist. The hackers pretended to be a well-known employee. Following Microsoft Security's December report on targeted attacks on the cryptocurrency industry, the investigation was initiated. Microsoft researchers reported that a threat actor, tracked as DEV-0139, was joining Telegram groups that targeted cryptocurrency investment firms. It was discovered that DEV-0139 was exploiting Telegram channels used to promote interactions between VIP clients and cryptocurrency exchange platforms to identify possible targets. According to Microsoft's assessment, the threat actor posed as a representative of another cryptocurrency investment firm and invited targets to a different chat group while pretending to request comments on the free structure used by cryptocurrency trading platforms. This information was then used to distribute a malicious Excel file, including tables detailing the fee structures of cryptocurrency exchange companies. This article continues to discuss the malicious operation in which hackers impersonated a well-known employee to target cryptocurrency customers. 

SiliconANGLE reports "Hackers Target Cryptocurrency Customers by Impersonating Well-Known Employee"