Hackers known as "CryptoCore" believed to be operating out of Eastern Europe stole more than $200 million from several cryptocurrency exchanges. According to ZDNet's latest report, the malicious activity was identified by cybersecurity firm ClearSky.
The CryptoCore group of hackers, which has been active since 2018, was already being tracked by ClearSky, as confirmed by the company's research team leader, Or Blatt. According to the cybersecurity company, CryptoCore has targeted 10-20 cryptocurrency exchanges and has been linked to five successful hacks.
Blatt said that the five confirmed victims are located in Japan, the Middle East, and the United States. However, the names of the victims were not provided in the email sent by Blatt because of non-disclosure agreements.
According to ClearSky's latest report, isolated reports of CryptoCore's operations, which identified the group as "Leery Turtle [PDF]" and "Dangerous Password," have been previously documented. However, compared to the previously documented incidents, the Israeli security firm claimed that the operations of CryptoCore have been more widespread.
ClearSky said that the attacks show little variation: the group has used the same tactics throughout its two-and-a-half years of operation. The group targeted an exchange's management, IT staff, and other employees, starting with an information-gathering phase staged to collect the necessary details and other sensitive information.
Hackers steal more than $200 million worth of cryptocurrency
Rather than attacking corporate email, CryptoCore's first phishing attacks were launched against personal email accounts, since these usually contain business information and are likely to be less secure than official email addresses. However, newer reports stated that the group has also targeted official business accounts.
"It's a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange's executive," said the security firm. "The spear-phishing is typically carried out by impersonating a high-ranking employee either from the target organization or from another organization (e.g. advisory board) with connections to the targeted employee."
The group's main goal is to plant malware on a manager's or employee's computer in order to take over the victim's password manager account. Using the stolen passwords, CryptoCore disables two-factor authentication to gain access to wallets and accounts, and then transfers funds out of the exchange's "hot wallets."
The report stated that CryptoCore is currently only the second organized group to have repeatedly targeted cryptocurrency exchanges in the past few years. The biggest threat to cryptocurrency exchanges today remains North Korean state-sponsored hackers, who stole around $571 million from at least five cryptocurrency exchanges in Asia between January 2017 and September 2018.