Threats Tagged 'cryptocurrency'

An FBI investigation identified Denis Nikolayevich Obrezko, a Russian national, as facilitating cyber intrusions conducted by the Russia-aligned threat group Void Blizzard. Between June and July 2024, multiple U.S. companies across various sectors were targeted in a large-scale cyber espionage campaign involving mass email harvesting and unauthorized access. The threat actors utilized stolen session tokens, proxy services, and VPNs to authenticate to victim Office 365 environments and exfiltrate data. Obrezko allegedly obtained critical infrastructure including a virtual private server and domain registration used in these attacks. FBI investigation linked Obrezko through cryptocurrency transactions, email accounts, phone numbers, and IP addresses to domains and infrastructure used in the intrusion campaign. Eleven U.S. companies have confirmed unauthorized access, representing only a fraction of suspected victims nationwide.

MediumCampaignUnited States#void blizzard#cryptocurrency#denis obrezko

JINX-0164, a financially motivated threat actor active since mid-2025, has been conducting sophisticated campaigns against cryptocurrency organizations. The actor employs LinkedIn-based social engineering, posing as recruiters or business partners to deliver custom macOS malware including AUDIOFIX (a Python-based infostealer and RAT) and MINIRAT (a lightweight Go backdoor). Their operations focus on compromising developer endpoints to steal cryptocurrency wallet credentials, cloud secrets, and GitHub tokens. The attackers then pivot to CI/CD infrastructure, injecting malicious code into repositories to enable lateral movement. In April 2026, they executed a supply chain attack by trojanizing the npm package @velora-dex/sdk. The group masks activity using VPN services and demonstrates advanced capabilities including credential harvesting from password managers, browser extensions, and development tools.