CryptoCore Criminal Group Has Been Targeting Cryptocurrency Exchanges for 3 Years
Cryptocurrency users and exchanges have been targeted by cybercriminals over the past couple of years. While some of the attacks are carried out by low-level criminals, there are also multiple large-scale campaigns that have resulted in millions being stolen from victims. Security researchers suspect that they might have finally gathered enough information about one of the major organized crime groups targeting cryptocurrency exchanges in Europe, Japan, Israel, and the United States. The group, dubbed CryptoCore, appears to have ties to the North Korea-based Advanced Persistent Threat (APT) actor Lazarus. Furthermore, the CryptoCore criminals have allegedly stolen over $200,000,000 via their attack campaigns in the past three years.
The first traces of the CryptoCore Criminal Group's activities date back to 2018, when they went after Japan-based cryptocurrency exchanges. The target was approached through phishing emails with malicious attachments, sent to employees of the exchange. Allegedly, the malicious emails carried payloads that were previously used by the Lazarus APT. The North Korean hackers are also considered to be responsible for the development and maintenance of that malware.
The campaigns of the CryptoCore Criminal Group appear to be entirely financially motivated, and they do not seem to have any political motivations. Recently, the group's attacks have shifted their focus toward Israel-based cryptocurrency exchanges. The crooks often rely on Remote Access Trojans (RATs) and infostealers to achieve their goals. Their delivery methods and droppers continue to evolve, but the similarities with previous Lazarus attacks are indisputable.