Cryptocrime Digest (3 August 2020)

Merkle Science

A weekly summary of news and commentary about criminal activity related to cryptocurrencies brought to you by Merkle Science.

Subscribe here to receive this in your inbox every Monday.

Our Top 5 Articles From the Week

How the Alleged Twitter Hackers Got Caught

After an investigation involving the FBI, IRS, and Secret Service, the Department of Justice charged UK resident Mason Sheppard and Nima Fazeli, of Orlando, Florida, in connection with the Twitter hack. A 17-year-old, Graham Ivan Clark, was charged separately with 30 felonies in Hillsborough County, Florida, including 17 counts of communications fraud. Together, the criminal complaints filed in the cases offer a detailed portrait of the day everything went haywire — and of how poorly the alleged attackers covered their tracks. All three are currently in custody. (Wired)

Cryptojacking Attacks Are Seriously Underestimated, Says BlackBerry VP

Cryptojacking attacks are both an internal and an external threat: hacking groups are becoming more organized in their attempts to exploit vulnerabilities in corporate networks, but there are also cases where admins use their valid entitlements to make money by illicitly mining crypto on the firm’s own network resources, and many organizations “don’t have great visibility” into it, says Josh Lemos, VP of research and intelligence at BlackBerry. (Coin Telegraph)

Garmin’s four-day service meltdown was caused by ransomware

GPS device and services provider Garmin confirmed on Monday that the worldwide outage that took down the vast majority of its offerings for five days was caused by a ransomware attack. Screenshots and other data posted by Garmin employees suggested the ransomware was a relatively new strain called WastedLocker. (Ars Technica)

North Korean hackers created VHD ransomware for enterprise attacks

North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets, according to a report published by Kaspersky researchers. Kaspersky attributed the VHD ransomware to the Lazarus Group based on the tools used to deploy the ransomware in two attacks and on lateral movement tactics also observed in previous Lazarus intrusions. (Bleeping Computer)

Structure of the ransomware ecosystem. From Securelist.com (Kaspersky Labs)

Picture of the infection chain leading to the installation of the VHD ransomware. From Securelist.com (Kaspersky Labs)

New Linux malware uses Dogecoin API to find C&C server addresses

While Linux malware once sat on the fringes of the malware ecosystem, today new Linux threats are being discovered on a weekly basis. The latest finding comes from Intezer Labs. In a report shared with ZDNet this week, the company analyzed Doki, a new backdoor trojan it spotted as part of the arsenal of an established threat actor known for targeting web servers for crypto-mining purposes. (ZDNet)

Source: Intezer.

Merkle Science News

UPDATED: Hack Track: #Twitterhack bitcoin scam

The Merkle Science team has updated its analysis of the bitcoin fund flows collected during the Twitter hack. As of Monday, 27 July 2020, the hackers had transferred more bitcoin from the known associated address clusters (see above) to addresses associated with the exchanges Kraken, Wazirx, Coinbase and Paxful. The breakdown is as follows:

  • BTC 0.086 transferred to Kraken
  • BTC 0.1 transferred to Wazirx
  • BTC 0.15 transferred to Coinbase
  • BTC 0.106 transferred to Paxful

Upcoming Webinar: Blockchain Spring Series — Financial Services Applications

Merkle Science is collaborating with RHTLaw Asia and the Singapore University of Social Sciences for a webinar panel discussion on the application of blockchain technology in financial services.

Register here.

Webinar Recording: The Current State of Cryptoasset Institutionalization: Capital, Compliance and Custody

Last Thursday, 30 July, Merkle Science hosted a webinar panel on the current state of cryptoasset institutionalization. If you missed the live discussion or would like to listen again:

Click here to watch the full recording

About Merkle Science

Merkle Science provides blockchain transaction monitoring and intelligence solutions for cryptoasset service providers, financial institutions and government agencies to detect, investigate and prevent the use of cryptocurrency for money laundering, terrorist financing and other criminal activities. Merkle Science is headquartered in Singapore with offices in Bangalore, Seoul and Tokyo and backed by Digital Currency Group, Kenetic, SGInnovate and LuneX.
