A hidden group dubbed “CryptoCore” has been targeting cryptocurrency exchanges, primarily in the US and Japan since 2018 has successfully stolen millions worth of digital assets, as per the ClearSky report.
The CryptoCore group has accumulated $70 million from its heists on exchange and is estimated to rake in over $200 million in two years.
Though not extremely technically advanced, the group is swift and persistent and has been active since May 2018 but its activity has receded in the first half of 2020.
The cybersecurity company has been tracking CryptoCore for two years and found that it has links to the East European region, Ukraine, Russia, or Romania in particular.
In its report, ClearSky points out that CryptoCore’s Modus Operandi is to gain access to the wallets of cryptocurrency exchanges, be it corporate wallets or exchange’s employees’ wallets. The group gains access to them through either spear-phishing against the corporate network or the executives’ personal email accounts.
The group makes use of cloud services, not limited to Google Drive and malicious crypto-themed domains such as btcprime[.]tk, krypitalvc[.]com, and blockchaintransparency[.]institute.
After extensive reconnaissance, the group carries out a spear-phishing attack by impersonating a high-ranking employee. From there, it moves to the victim’s password manager account from where it gets the keys of crypto-wallets and other valuable assets.
Millions Scammed, Millions Lost
Cryptocurrency scams are a growing problem, especially with everyone working from home due to COVID-19. Recently, we reported how bitcoin giveaway scams using the name of Tesla CEO Elon Musk made $2 million in less than two months.
According to a recent study by Scamwatch, run by the Australian Competition and Consumer Commission (ACCC), Australians filed 1,810 reports of crypto-related scams in 2019, totaling over $21.6 million AUD (almost $15 million USD).
“Most were Ponzi schemes, with no real cryptocurrency involved,” said the report.
The UK’s National Cyber Security Centre (NCSC) has also been receiving 16,500 emails on average every day since the service to allow people to flag phishing and other suspicious emails were launched two months ago.