Eastern European Hacker Group Stole $200m From Crypto Exchanges via Supply-Chain Attack
Posted on 06-25-2020.
Israeli cybersecurity firm ClearSky has detected that the so-called hacker group CryptoCore has managed to steal over $200 million from cryptocurrency exchanges and companies in two years. For the most part, the threat actors—also named by ClearSky as Dangerous Password and Leery Turtle—have been targeting entities located in the United States and Japan.
ClearSky has been tracking CryptoCore’s activity since May 2018, concluding that the group is “not extremely technically advanced.” In the first half of 2020, the hackers’ activity declined notably, probably due to the COVID-19 outbreak. The company has not been able to determine the origin of the hacker group, saying only with a medium level of certainty that the group has links to Eastern Europe, particularly Ukraine, Russia, or Romania.
Impersonating High-Ranking Employees
CryptoCore reportedly obtains access to crypto exchanges' corporate wallets or those owned by the exchange’s employees through spear-phishing primarily targeting the executives’ personal email accounts. The threat actors then impersonate high-ranking employees either from the target company or from a related organization with connections to the targeted officer. The report further detailed:
“After gaining an initial foothold, the group’s primary objective is obtaining access to the victim’s password manager account. This is where the keys of crypto-wallets and other valuable assets—which will come handy in lateral movement stages—are stored. The group will remain undetected and maintain persistence until the multi-factor authentication of the exchange wallets will be removed, and then act immediately and responsively.”
Crypto-Related Losses Continue Rising
According to blockchain analytics and crypto intelligence firm CipherTrace, in the first five months of 2020, the total losses of cryptocurrencies to criminals and scammers amounted to $1.36 billion. Researchers suggest 2020 may bring the second-highest total crypto lost to crime ever observed, the current record being 2019’s $4.5 billion. 98% of the losses were attributed to investment fraud and misappropriation.
A recent study by the business software site Capterra revealed that remote workers have also become greatly exposed to phishing emails during the lockdown, with hackers aiming to steal users’ passwords. Capterra pointed out that “despite the majority of workers stating they are pleased with working from home, the adoption of security measures still has room for improvement.”