Israeli cybersecurity firm ClearSky has found out that a group of hackers from Eastern Europe, dubbed ‘CryptoCore,’ has stolen more than $200 million from cryptocurrency exchanges around the world, according to its recent report.
While the company has so far failed to pinpoint the gang's exact origin, its trail leads to either Russia or Ukraine.
Targeting crypto bosses
ClearSky maintains that, despite not being ‘extremely advanced’ from a technical standpoint, the group has been steadily operating since mid-2018:
This group is not extremely technically advanced, yet it seems to be swift, persistent, and effective, nevertheless. We assess it to be active at least since May 2018, judging from the timestamp of the first known relevant sample, and it maintained steady activity since then.
Throughout this time, CryptoCore has relied mainly on spear phishing, the practice of sending personalized malicious e-mails to targeted individuals.
Their main aim is to infect a computer that belongs to a high-ranking employee with malware.
After that, they are eventually able to get their hands on the victim's passwords, disable 2FA, and steal crypto from a hot wallet.
Exchanges fall victim to CryptoCore
Cryptocurrency exchanges are much easier targets than traditional financial systems such as SWIFT due to weaker security measures.
ClearSky told ZDNet that close to 20 exchanges from different world regions had been attacked, but it did not identify them so as not to violate its NDAs.
The Jerusalem Post reports that Israeli exchanges alone have been robbed of $70 million by the CryptoCore group.