A single cryptocurrency hacking group has been targeting exchanges and wallets for the past couple of years and has managed to rake in more than $200 million, Israeli cybersecurity firm ClearSky claimed.
Though the actual identity of the hacking group is not known, a report published by the cybersecurity firm on Wednesday detailed that the profile, modus operandi, and digital infrastructure of the attacks make it clear that a single group was behind them.
“CryptoCore is a group that targets almost exclusively cryptocurrency exchanges and companies working with them via supply-chain attack,” ClearSky noted. “The CryptoCore group is known for having accumulated a sum of approximately 70 million USD from its heists on exchanges. We estimate that the group managed to rake in more than 200 million USD in two years.”
Though the Israeli firm calls the group CryptoCore, other security companies have also traced the activity of the same group; one firm named it “Leery Turtle.”
Small, yet efficient
Based on the timestamp of the first known sample of such attacks, the hackers started their operations in mid-2018 and “maintained steady activity since then.” The security company, however, could not pinpoint the exact location or country of origin of the group.
“We assess with [a] medium level of certainty that the threat actor has links to the East European region, Ukraine, Russia or Romania in particular,” ClearSky continued.
The hacker group is believed to consist of only three or four people, but they are very effective.
“This group is not extremely technically advanced, yet it seems to be swift, persistent, and effective, nevertheless,” the report added.
The group particularly targets cryptocurrency exchange wallets in the United States and Japan.
“While the group’s key infiltration vector to the exchange is usually through spear-phishing against the corporate network, the executives’ personal email accounts are the first to be targeted,” ClearSky detailed.
“Infiltrating the personal email accounts is an optional phase; however, it’s a matter of hours to weeks until the spear-phishing email is sent to a corporate email account of an exchange’s executive.”