ClearSky Cyber Security reported that over the past two years, a hacking group called CryptoCore has stolen almost $200mn. The group has used techniques such as social engineering and spear-phishing emails to target executives and employees at various cryptocurrency exchanges in Japan and the US. There is speculation that the group operates from Russia, Romania, or Ukraine. The group is also tracked under the names Leery Turtle and Dangerous Password. The report suggests that the group is not technically sophisticated, but it is effective, swift, and persistent. The group steals data and credentials from the devices it infects with malware, including hostname, username, OS version, time zone, network adapter, list of running processes, and processor names.
In a few cases, the group is known to have used Mimikatz, a widely used credential-theft tool. ClearSky also discovered that the group targets some of the exchanges' suppliers. According to the report, the attacks on exchanges were persistent: the group would target the same exchange multiple times with different payloads. Cryptocurrency exchanges remain tempting targets for hackers, and several such incidents have been reported over the past few years. The US and other governments have accused North Korea of using hacker groups to raise funds to offset economic sanctions.