Hackers pose as website staff or password reset pages to steal personal and login information.

During the last two years, a cybercriminal group has stolen around USD 200 million from different cryptocurrency exchange houses. The criminal group has affected between 10 and 20 exchanges in the United States, the Middle East, and Asia.

The name of this group is “CryptoCore”, although it is also known as “Dangerous Password” and “Leery Turtle”. An investigation by cybersecurity firm ClearSky determined that this criminal group has been attacking various cryptocurrency exchanges since at least 2018.

The investigation revealed that several of the affected crypto-exchanges are from Japan, although it did not disclose the names of the victims to respect the confidentiality agreement. Regarding the location or provenance of the criminal group, the investigative firm considers that the group is from Eastern Europe, Ukraine, Russia, or Romania.

Phishing Attacks

According to the firm that investigated the case, hackers used spear-phishing attacks to gain access to the wallets of cryptocurrency exchanges. To achieve this purpose, hackers were even able to access executive email accounts.

The report details that hackers execute spear-phishing attacks “typically” by posing as employees, primarily those who have a high-ranking role within the company or other organization, such as the advisory board.

Brett Callow, a threat analyst at a malware lab called Emsisoft, commented on the kind of phishing attacks that groups like CryptoCore have conducted.

“Some phishing campaigns consist of mass, non-targeted emails sent to a large number of people. Others, however, are designed to target specific individuals, for example, a company executive. This is known as spear phishing, and since the actor may have spent time gathering information about the target individual, the emails can be extremely compelling,” said Callow.

The analyst added that many security incidents and data breaches start with phishing emails. He explained that hackers generally design phishing campaigns to collect data such as logins for different accounts, for instance through a form that requests information or offers to “help” recover passwords.

Hackers may also direct the recipient to a fake banking site or deliver malware through malicious attachments. “In either case, the result may be the same: A compromised network,” says Callow.

Other Hackers in the World

A North Korean hacking team, called the Lazarus Group, attacked multiple crypto exchanges last year, according to a Chainalysis report. One of the attacks involved creating a fake but very realistic commercial bot website. Hackers offered a fake website to employees of the DragonEx exchange.

Recently, a study warned of a massive phishing campaign that Lazarus could launch soon. Supposedly, this could affect six nations and more than 5 million businesses and individuals.

Given these criminal acts, the best recommendation is not to visit suspicious or unknown web pages, since they can be used to obtain passwords for bank accounts, cause other personal harm, or even, as in this case, steal cryptocurrencies.

By María Rodríguez

