Cisco Blogs
Share

COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style


February 14, 2018 - 0 Comments

This post is authored by Jeremiah O’Connor and Dave Maynor with contributions from Artsiom Holub and Austin McBride. 

Executive Summary

Cisco has been tracking a bitcoin theft campaign for over 6 months. The campaign was discovered internally and researched with the aid of an intelligence sharing partnership with Ukraine Cyberpolice. The campaign was very simple and after initial setup the attackers needed only to continue purchasing Google AdWords to ensure a steady stream of victims. This campaign targeted specific geographic regions and allowed the attackers to amass millions in revenue through the theft of cryptocurrency from victims. This campaign demonstrates just how lucrative these sorts of malicious attacks can be for cybercriminals. Additionally, the revenue generated by these sorts of attacks, can then be reinvested into other cybercriminal operations.

Read More >>

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.