The CryptoCore hacker group made away with millions from online cryptocurrency exchanges.
CryptoCore - an organized hacking group - has pulled off cryptocurrency heists amounting to $70 million. However, research by ClearSky suggests that the total value may be worth $200 million, since 2018. The group is also known as “Leery Turtle” and “Dangerous Password.”
The group has been following the same mode of operation, with little to no variation in the attacks.
- It begins its operation with an expansive reconnaissance phase against an organization and its components.
- The first phishing attacks are launched against personal email accounts as they are less likely to be secured as compared to the corporate email accounts.
- The spear-phishing email is sent to a corporate email account within a few hours or weeks.
- The deathblow is delivered by planting malware on a manager or employee’s system and gaining access to a password manager account.
- The IOCs can be found here.
Some basic facts about CryptoCore
- CryptoCore is currently the second organized group, repeatedly targeting cryptocurrency exchanges.
- The group allegedly is based in the Eastern European region and targets cryptocurrency exchanges in the US, the Middle East, and Japan.
- Although the group is not extremely technically sound, it makes up for it with efficacy and speed.
The bottom line is that when you put your money on an exchange, you can never be sure if it is secure or not as exchanges do not employ the same level of security practices as financial institutions.