On June 24, the research team of the security company ClearSky reported on a hacker group that has used spear-phishing attacks to gain access to cryptocurrency exchanges, and has done so successfully.
The research team said the group was hidden and persistent, and that cryptocurrency exchanges in the United States and Japan have been its major targets since as early as 2018. The group has been able to steal cryptocurrencies worth millions.
The research team called the hacker group CryptoCore (or Crypto-gang); it is also known as Dangerous Password and Leery Turtle. The research team noted that CryptoCore operated out of Eastern Europe. Within two years, the group was able to steal more than $200 million. ClearSky thinks that the group is not extremely technically advanced, but swift, persistent and effective.
“The CryptoCore group is known for having accumulated a sum of approximately 70 million USD from its heists on exchanges. We estimate that the group managed to rake in more than 200 million USD in two years.”
CryptoCore was able to access cryptocurrency wallets owned by exchanges and their employees by first conducting an extensive reconnaissance phase against the firm and its employees. To get in, they use spear-phishing attacks, sending emails to an executive from an account that appears to belong to a genuine high-ranking employee, either of the same organization or of one it is partnered with.
After infiltrating the network, the group installs malware and gains access to the executive's password manager accounts, which contain keys to cryptocurrency wallets. They then wait until the executive removes multi-factor authentication, and immediately swing into action to drain funds from the wallets.
According to ClearSky, the group's activity decreased in the first half of this year, possibly due to the effects of the COVID-19 pandemic, but it did not stop completely.
Spear-phishing is commonly used by cryptocurrency scammers and remains a huge challenge, so much so that a massive spear-phishing campaign was launched against YouTubers at the beginning of 2020.