Dutch cybersecurity specialists have connected a significant cryptocurrency theft to the well-known Ebury botnet. This botnet has compromised over 400,000 servers over a 15-year period.
According to a report from a Slovakian cybersecurity firm, the incident was first uncovered during a 2021 investigation by the Dutch National High Tech Crime Unit (NHTCU). During this investigation, the Ebury botnet was found on a server linked to the crypto theft.
Following this discovery, the Dutch crime unit worked with ESET, led by researcher Marc-Etienne Léveillé, who had studied Ebury for over a decade.
Ebury operators allegedly used a sophisticated attack known as adversary-in-the-middle (AitM) to steal the crypto funds. This attack involves the botnet intercepting network traffic and capturing login credentials and session information.
“Cryptocurrency theft was not something that we'd ever seen them do before,” Léveillé noted.
The botnet redirects this traffic to servers controlled by the cybercriminals, allowing them to access and steal cryptocurrency from the wallets of the victims. The report revealed that over 100,000 servers remained infected as of 2023.
Ebury specifically targets Bitcoin and Ethereum nodes, stealing wallets and other valuable credentials. The botnet would steal the funds once the unsuspecting victims entered their credentials on the infected server.
Once a victim's system was compromised, Ebury would exfiltrate credentials and use them to infiltrate related systems. The report identified a wide range of victims, including universities, enterprises, internet service providers, and cryptocurrency traders.
The attackers also employ stolen identities to rent servers and deploy their attacks. This makes it very challenging for law enforcement agencies to track down the identities of those behind this cybercrime racket.
“They're really good at blurring the attribution,” Léveillé added.
One Ebury operator, Maxim Senakh, was arrested at the Finland-Russia border in 2015 and was extradited to the United States. The U.S. Department of Justice charged Senakh with computer fraud, to which he pleaded guilty in 2017. He was sentenced to four years in prison.
While the masterminds behind Ebury remain at large, the NHTCU has revealed that several leads are being pursued.
Crypto thefts have become increasingly sophisticated over the years. Earlier this month, North Korean hackers used a new malware variant called “Durian” to target at least two cryptocurrency firms.
Prior to that, a January report from a cybersecurity firm revealed that malware was targeting cryptocurrency wallets on macOS.