Kaspersky, a Russian cybersecurity company, has warned about a new type of attack on cryptocurrency companies. It says that hackers using corrupted software are able to single out these firms with “surgical precision.”
The 3CX software supply-chain attack happened last week, and Kaspersky’s research found that a few crypto-focused companies were hit by it.
Even though it didn’t name the firms, it did say that they were from “western Asia.”
The attack, which is thought to have been done on behalf of the North Korean government, involved tampering with the widely used VoIP app 3CX to get the hackers’ code onto the machines of the people who were attacked.
Georgy Kucherin, a researcher on Kaspersky’s GReAT team of security analysts, said that this type of attack is “becoming very common” and explained why:
“In supply-chain attacks, the threat actor does reconnaissance on the victims and gathers information about them. Then, they sort through this information and choose which victims to attack with a second-stage malware.”
The filtering is meant to help the attackers avoid being caught since sending the second-stage malware to a large number of victims makes it easier to catch. But it looks like something went wrong here.
Kucherin said that the 3CX supply-chain attack was found more quickly than others. CrowdStrike and SentinelOne, two security companies, detected the first-stage malware last week, less than a month after it was put in place.
“They tried to be sneaky, but they failed,” Kucherin says. “The first stage of their implants was found.”
Wired says that CrowdStrike and SentinelOne found that the hackers who broke into the 3CX installer software used by 600,000 organizations around the world were from North Korea.
Kaspersky also found that the hackers sifted through the victims they had infected to find “fewer than 10 machines” that were connected to crypto firms, which they then targeted on purpose. So far, at least, this is what we know.
It seems like state-backed hackers are using software supply chains more and more to infect thousands of organizations, but then they only focus on a few of those organizations.
Kucherin was quoted as saying,
“This was all done to hurt a small group of companies. Maybe not just cryptocurrency companies, but we can see that cryptocurrency companies were one of the attackers’ goals. […] Cryptocurrency companies should be especially worried about this attack because they are likely to be the targets. They should check to see if their systems have been hacked again.”
But because the attackers were caught, it’s not clear yet if the campaign was a success. Kucherin said that Kaspersky hadn’t seen any proof yet that crypto had been stolen from the companies that this malware was found to be going after.
More companies, even ones not in the crypto industry, are likely to be targeted in the future. A security researcher at SentinelOne named Tom Hegel said,
“At this point, the most likely explanation is that the attackers first went after crypto firms to get into those high-value companies. I’m guessing that they had other goals once they saw how well this worked and what kinds of networks they were a part of.”
He also said that the situation is “developing very quickly” and that there is still more to learn about the victims and possible targets. Hegel said, “But from the attacker’s point of view, if all they did was go after crypto firms, this was a huge missed chance.”
In October of last year, Kaspersky polled 2,000 Americans and found that a third of those who owned cryptocurrency had it stolen. The theft was worth an average of $97,583.
A third of people said they had lost money to a fake cryptocurrency website or investment scam. 19% of the people who were hurt had their identities stolen, and 27% had their personal information and bank account money stolen.
A senior security researcher at Kaspersky GReAT, Marco Rivero, said, “This survey data shows that a lot of people are having their crypto stolen and even their identities stolen.”
Rivero said that users should watch out for phishing scams and fake websites, use any extra security measures they can, like multi-factor authentication, and use strong, unique passwords for each account.