CryptoCore, a cybercriminal group, also known with other names like “Dangerous Password” and “Leery Turtle”, has launched a phishing campaign against several crypto exchanges and managed to steal $200 million in two years.
It has been reported by the cybersecurity firm ClearSky that in total, they are believed to have hit 10 – 20 victims across the United States, the Middle East, and Asia.
However, ClearSky confirmed that CryptoCore stole $200 million from at least five victims, several of whom were located in Japan.
It has been analyzed that the names of targeted crypto exchanges were not revealed due to non-disclosure agreements with the victims, as it is believed that the total number of targets could be as high as 20 in total.
ClearSky believes that CryptoCore may have links to the Eastern European region, Ukraine, Russia, or Romania.
CryptoCore reportedly stole around $200 million from several crypto exchanges in a 2-year period https://t.co/ikE6KnWXZO — Cointelegraph (@Cointelegraph) June 24, 2020
Likewise, the hackers used spear-phishing attacks to gain access to crypto exchanges’ wallets. In some cases, they may have targeted executives’ personal e-mail accounts.
The report details that spear-phishing attacks are “typically” carried out by impersonating employees, mostly those who have a high-ranking role within the company or from another organization like the advisory board.
Brett Callow, the threat analyst at malware lab Emsisoft, provided some comments regarding spear-phishing attacks like CryptoCore did.
He added:
“Some phishing campaigns consist of non-targeted mass emails sent to a large number of people. Others, however, are crafted to target specific individuals – a company executive, for example. This known as spear phishing and, because the actor may have spent time collecting information about the individual being targeted, the emails can be extremely convincing.”
Thus, Callow concluded:
“Many security incidents and data breaches start with phishing emails. Phishing campaigns are typically designed to either collect logins – for example, by directing the recipient to a fake banking site – or to deliver malware via malicious attachments. In either case, the end result can be the same: a compromised network.”
Source: Cointelegraph | Image: India Today