CryptoCore: A group of hackers believed to be operating out of Eastern Europe has stolen approximately $200 million USD from online exchanges. The threat group, known as CryptoCore, has been active since 2018 and is suspected of being tied to as many as 20 other attacks. The attacks attributed to the group with high confidence include five crypto-currency exchanges located in the United States, Japan, and the Middle East. Surprisingly, according to reports, the group's tactics have not changed in the year and a half that it has been active.

The group conducts reconnaissance against the target exchange's infrastructure and employees, then targets those employees with phishing attacks. Interestingly, the phishing attacks are not carried out against corporate email accounts at first: personal accounts are targeted initially, because their security is weaker than that of most corporate accounts. This first phase of phishing against personal accounts allows the group to gather further information. When phishing attacks are later launched against employees' corporate accounts, the emails are spoofed to appear to come from executives who are known to have interacted with the targeted employee. These phishing emails are then used to plant malware on the victim's machine that collects passwords to management accounts. CryptoCore then uses those passwords to access accounts and wallets, disable two-factor authentication systems, and transfer funds out of "hot wallets." Hot wallets are wallets in which crypto-currency is stored online and can be accessed from anywhere, making them an extremely tempting target for thieves.
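The corporate-phase phishing described above relies on mail that looks like it comes from a known executive. The following is an added example, not code from the original article or from any reporting on CryptoCore, showing how a defender can flag that pattern: it compares the From display name against an executive roster, checks for lookalike sender domains, and notes mismatched Reply-To or failed SPF/DMARC results. The executive roster, the corporate domain (`example-exchange.test`) and the three sample messages are all constructed for illustration.

```python
"""Flag inbound mail that impersonates a known executive (added example).

Constructed example: the executive roster, the corporate domain and the
sample messages below are all made up for illustration.
"""
from email.utils import parseaddr

CORPORATE_DOMAIN = "example-exchange.test"          # assumed corporate domain
EXECUTIVES = {                                      # constructed roster
    "jane doe": "jane.doe@example-exchange.test",
    "rahul mehta": "rahul.mehta@example-exchange.test",
}


def levenshtein(a, b):
    """Edit distance between two strings (used to spot typosquatted domains)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_lookalike_domain(domain):
    """True for a domain that is not ours but is close enough to fool a reader."""
    if domain == CORPORATE_DOMAIN:
        return False
    brand = CORPORATE_DOMAIN.split(".")[0]
    return levenshtein(domain, CORPORATE_DOMAIN) <= 2 or brand in domain


def assess(headers):
    """Return the reasons a message looks like executive impersonation (empty = clean)."""
    reasons = []
    name, addr = parseaddr(headers.get("From", ""))
    addr = addr.lower()
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""

    # 1. Display name matches an executive but the address is not theirs.
    key = " ".join(name.lower().split())
    expected = EXECUTIVES.get(key)
    if expected and addr != expected:
        reasons.append(f"display name '{name}' matches an executive but address is {addr}")

    # 2. Sender domain is a lookalike of the corporate domain.
    if domain and is_lookalike_domain(domain):
        reasons.append(f"sender domain {domain} is a lookalike of {CORPORATE_DOMAIN}")

    # 3. Replies would go somewhere other than the apparent sender.
    _, reply_addr = parseaddr(headers.get("Reply-To", ""))
    if reply_addr and reply_addr.lower() != addr:
        reasons.append(f"Reply-To {reply_addr} differs from From {addr}")

    # 4. Claims our domain but the receiving MTA recorded SPF/DMARC failures.
    auth = headers.get("Authentication-Results", "").lower()
    if domain == CORPORATE_DOMAIN and ("spf=fail" in auth or "dmarc=fail" in auth):
        reasons.append("claims corporate domain but SPF/DMARC failed")
    return reasons


# Constructed sample headers: one legitimate message, two impersonation attempts.
SAMPLE_MESSAGES = [
    {"Subject": "Q3 numbers",
     "From": "Jane Doe <jane.doe@example-exchange.test>",
     "Authentication-Results": "mx.example-exchange.test; spf=pass dmarc=pass"},
    {"Subject": "Urgent wallet access",
     "From": "Jane Doe <jane.doe@examp1e-exchange.test>",
     "Authentication-Results": "mx.example-exchange.test; spf=pass dmarc=none"},
    {"Subject": "Please reset my 2FA",
     "From": "Rahul Mehta <rahul.mehta@example-exchange.test>",
     "Reply-To": "rahul.mehta.ceo@freemail.test",
     "Authentication-Results": "mx.example-exchange.test; spf=fail dmarc=fail"},
]


def scan(messages):
    """Map each subject to its list of findings."""
    return {m["Subject"]: assess(m) for m in messages}


if __name__ == "__main__":
    for subject, findings in scan(SAMPLE_MESSAGES).items():
        print(subject, "->", findings or "clean")
```

The checks are deliberately header-only so they can run in a mail gateway or a SIEM enrichment step before any attachment analysis; a real deployment would pull the roster from the directory and feed the findings into an alert rather than printing them.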
By: Dan McNemar

It is not a new concept that criminals use the Darknet to