ESET and Dutch police expose Ebury botnet’s cryptocurrency theft operations

Dutch investigators and researchers at ESET have linked a major cryptocurrency theft to the Ebury botnet, a long-running malware operation that targets Linux servers. Over the past fifteen years, Ebury has reportedly compromised more than 400,000 servers.

According to a report from Slovak cybersecurity company ESET, the Dutch National High Tech Crime Unit (NHTCU) found Ebury during a 2021 investigation, on a server connected to a cryptocurrency theft.

Following that discovery, the Dutch investigators worked with ESET's research team, led by Marc-Etienne Léveillé, who has been tracking Ebury for more than a decade.

Ebury's operators are accused of stealing crypto assets through adversary-in-the-middle (AitM) attacks: a compromised server intercepts traffic passing through the network it sits on and captures login credentials and session data in transit.

“Cryptocurrency theft was not something that we’d ever seen them do before,” Léveillé noted.

According to ESET's findings, since early 2023 the botnet has redirected victims' traffic to servers controlled by the operators, giving them unauthorized access to victims' wallets and letting them drain the cryptocurrency. The same findings put the number of systems still infected at more than 100,000.

Ebury specifically targets Bitcoin and Ethereum nodes, stealing the wallets and keys stored on them. The malware waits until the victim enters credentials on the compromised server and then makes off with the funds.
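A redirect of the kind described above only pays off if the victim's SSH client accepts the host key presented by the impostor. The following is an added example, not code from ESET's report or from the article: a minimal strict host-key check of the sort OpenSSH performs with StrictHostKeyChecking=yes. The host names, key bytes and known_hosts lines are constructed for the example, and the parser handles only the plain (non-hashed) known_hosts line format.

```python
"""
Added example: pin an SSH host key and refuse to send credentials to a
server that presents a different one. If traffic to a node is silently
redirected to a machine the attackers control, that machine has its own
host key, so a pinned-key check fails before any password is typed.
All hosts, keys and known_hosts content below are constructed.
"""
import base64
import hashlib


def ed25519_blob(raw32: bytes) -> bytes:
    """Build an SSH wire-format public key blob (RFC 4253 string encoding)."""
    assert len(raw32) == 32
    key_type = b"ssh-ed25519"
    return (len(key_type).to_bytes(4, "big") + key_type
            + len(raw32).to_bytes(4, "big") + raw32)


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form `ssh-keygen -lf` prints (unpadded base64)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed keys: the genuine node's key and the one an impostor would present.
GENUINE_KEY = ed25519_blob(bytes(range(32)))
IMPOSTOR_KEY = ed25519_blob(bytes(range(32, 64)))

# Constructed known_hosts content; only btc-node.example is pinned.
KNOWN_HOSTS = "\n".join([
    "btc-node.example ssh-ed25519 " + base64.b64encode(GENUINE_KEY).decode(),
    "# comment lines and blank lines are skipped",
    "",
])


def parse_known_hosts(text: str) -> dict:
    """Map host -> (key_type, blob) for plain (non-hashed) known_hosts lines."""
    pinned = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        hosts, key_type, b64 = parts[0], parts[1], parts[2]
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        for host in hosts.split(","):  # known_hosts allows comma-separated hosts
            pinned[host] = (key_type, blob)
    return pinned


def verify_host_key(known_hosts_text: str, host: str,
                    key_type: str, presented: bytes) -> tuple:
    """
    Strict policy, mirroring StrictHostKeyChecking=yes:
      ("match", fp)     presented key equals the pinned one: proceed
      ("mismatch", fp)  a different key: never send credentials
      ("unknown", fp)   nothing pinned for this host: refuse rather than
                        trust on first use
    """
    fp = fingerprint(presented)
    pinned = parse_known_hosts(known_hosts_text)
    if host not in pinned:
        return ("unknown", fp)
    pinned_type, pinned_blob = pinned[host]
    if pinned_type == key_type and pinned_blob == presented:
        return ("match", fp)
    return ("mismatch", fp)


if __name__ == "__main__":
    for label, key in (("genuine", GENUINE_KEY), ("impostor", IMPOSTOR_KEY)):
        verdict, fp = verify_host_key(KNOWN_HOSTS, "btc-node.example",
                                      "ssh-ed25519", key)
        print(f"{label:8s} {fp}  -> {verdict}")
```

The check only helps if the client actually enforces it: a client configured to accept new or changed keys, or an operator who answers "yes" to a mismatch warning, hands the credential to whichever machine is answering. It also does nothing against an attacker who has obtained the genuine host key from an already compromised server, which is a separate problem this page does not address.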

Once inside a victim's system, Ebury also harvests login credentials and uses them to move into connected networks. The report describes a diverse set of targets, including universities, corporations, internet service providers, and cryptocurrency exchanges.

The researchers also observed that the operators use stolen identities to rent the servers from which they run their activity, which makes it extremely difficult for law enforcement to trace the crimes back to their true origin.

“They’re really good at blurring the attribution,” Léveillé added.

One individual linked to the Ebury operation was arrested at the Finland-Russia border in 2015 and later extradited to the United States, where the Department of Justice charged him with computer fraud. He pleaded guilty in 2017 and received a prison sentence of nearly four years.

The people behind Ebury have yet to be apprehended, but the National High Tech Crime Unit (NHTCU) says it is actively pursuing multiple leads in the case.

Crypto heists have grown more sophisticated over the past few years. Recently, hackers linked to North Korea deployed a new malware strain called "Durian" in attacks on at least two cryptocurrency companies, and an earlier report from cybersecurity firm Kaspersky described malware built specifically to steal from cryptocurrency wallets on macOS.

2024-05-23 13:49