A sophisticated threat actor hit cryptocurrency exchange Coinbase - Security Affairs

by admin
February 20, 2023
in Cyber News


The Coinbase cryptocurrency exchange was the victim of a sophisticated cyberattack; experts believe it was targeted by the Twilio hackers.

A sophisticated threat actor launched a smishing campaign against the employees of the cryptocurrency exchange Coinbase.

According to the company, on February 5, 2023, some of its employees received text messages requesting them to urgently log in to their accounts using an embedded link.

Most of the employees ignored the message, but the company revealed that one employee clicked the link and entered his credentials. After “logging in”, the employee was prompted to disregard the message.

Since Coinbase supports two-factor authentication (2FA) to protect the account of its employees, the threat actor was not able to access the account of this employee. However, after 20 minutes, the hackers called up the employee pretending to be from the corporate IT department and requested him to log into his workstation.

The employee followed the instructions provided by the attackers and logged into his workstation. The good news is that Coinbase’s security team detected suspicious activity and immediately alerted the targeted employee, locking out the hacker.

The company’s CSIRT team immediately suspended all access for the targeted employee and launched an investigation into the attack.

“Fortunately no funds were taken and no customer information was accessed or viewed, but some limited contact information for our employees was taken, specifically employee names, e-mail addresses, and some phone numbers.” reads the statement published by the cryptocurrency exchange.

Coinbase pointed out that the threat actors did not access customer data and were not able to steal any funds.

Evidence collected by Coinbase revealed that the attack was likely conducted by the threat actor 0ktapus, which was behind the attacks against at least 130 other organizations, including Twilio and Cloudflare.

Domain patterns:
sso-*.com,
*-sso.com,
dashboard-*.com,
*-dashboard.com

– AnyDesk & ISLonline RMM tools

– MullvadVPN

– Calls/Texts from: Google Voice, Skype, Vonage/Nexmo, Bandwidth

– EditThisCookie browser extension

– riseup[.]net used to copy & paste data (for exfil)

— Will (@BushidoToken) February 18, 2023
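
One way to turn the domain patterns listed in the tweet above into a proxy-log check, as an added example (not code from the article, Coinbase or the tweet's author). The log format, the `examplecorp` domains and the allowlist are constructed, and reading `*` as a wildcard within a single DNS label is an assumption.

```python
import re
from urllib.parse import urlsplit

# Patterns quoted in the tweet above. Reading '*' as a non-empty run of
# characters inside one DNS label is an assumption of this example.
PATTERNS = ["sso-*.com", "*-sso.com", "dashboard-*.com", "*-dashboard.com"]
EXACT = {"riseup.net"}               # named (defanged) in the tweet
ALLOWLIST = {"examplecorp-sso.com"}  # hypothetical: the org's own SSO domain

def _compile(glob):
    body = re.escape(glob).replace(r"\*", "[a-z0-9-]+")
    # Optional subdomains in front; the pattern must be the registered domain.
    return re.compile(r"^(?:[a-z0-9-]+\.)*" + body + "$")

COMPILED = [(g, _compile(g)) for g in PATTERNS]

def normalize(host_or_url):  # lowercase hostname, no port or trailing dot
    s = host_or_url.strip().lower()
    host = urlsplit(s if "://" in s else "//" + s).hostname or ""
    return host.rstrip(".")

def match_host(host_or_url):
    host = normalize(host_or_url)
    if not host or host in ALLOWLIST:
        return None
    for domain in EXACT:
        if host == domain or host.endswith("." + domain):
            return domain
    for glob, rx in COMPILED:
        if rx.match(host):
            return glob
    return None

# Constructed proxy log lines: timestamp, user, URL.
SAMPLE_LOG = """\
2023-02-05T10:01:12Z alice https://sso-examplecorp.com/login
2023-02-05T10:02:40Z bob https://www.example.com/dashboard-help
2023-02-05T10:03:05Z carol https://login.examplecorp-dashboard.com:8443/
2023-02-05T10:04:30Z dave https://examplecorp-sso.com/
2023-02-05T10:05:55Z erin https://riseup.net/
"""

def scan(log_text):
    rows = (line.split(maxsplit=2) for line in log_text.splitlines() if line.strip())
    return [(ts, user, normalize(url), match_host(url))
            for ts, user, url in rows if match_host(url)]

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The patterns are broad, so treat hits as leads for triage and keep the allowlist current.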


Pierluigi Paganini

(SecurityAffairs – hacking, Smishing)




© 2022 Law Enforcement News Hubb All rights reserved.
