Japanese newspaper Asahi Shimbun reports Monday that virus variants known to be linked to Russian hackers have been found on employee computers at the Tokyo-based Coincheck exchange, Coindesk reported
Coincheck suffered a breach in January 2018 that resulted in the loss of 500 million NEM tokens worth around $530 million at the time – an amount even bigger than that lost by Mt. Gox.
According to the report, the malware found at the exchange had been emailed to employees and included types called Mokes and Netwire, which allow malicious distributors to gain access to victims’ machines and operate them remotely. Mokes apparently first appeared on a Russian bulletin board in 2011, while Netwire has been around for 12 years.
The Coincheck hack has previously been linked with North Korea. In a report last February, South Korea’s National Intelligence Service (NIS) said that phishing scams and other methods had yielded tens of billions of won in customer funds. The country’s authorities were said at the same time to be probing whether North Korea was behind the Coincheck attack.
Cybersecuirty firm Group-IB also made the link between the allegedly North Korean state-sponsored hacking team and Coincheck in an October report.
Based on an analysis of the viruses, a U.S. cybersecurity expert told the Ashahi Shimbun that Russian or Eastern European hackers may be linked to the Coincheck attack.
Francis Gaffney, Director of Threat Intelligence, Mimecast, commented:
“Nearly every week it seems that there is another cyberattack involving cryptocurrency theft. In fact, as of January 2019, over $1 billion had been lost from cryptocurrency attacks, and the Coincheck is just the latest incident. At the end of the day, cybercriminals are going to go directly where the money is via point-of-sale-focused attacks, like we’re seeing here and with ransomware. Attacks on cryptocurrencies and their enabling exchanges are particularly troubling for systems like currencies, which rely heavily on trust for reliable means of exchange."
He adds: "We see these crypto-based attacks begin with sophisticated phishing campaigns and malware droppers. From there, threat actors study their victims to identify their credentials and capture their sensitive information. And, no longer are these attacks strapped to remote locations, as incidents involving mobile devices (smartphones, tablets, etc.) are on the rise. In order to defend against crypto hacking, and for the Internet to continue to grow as an economic force, organizations must implement good cyber hygiene and robust cyber resilience across all platforms.”