Lessons Learned from a $67 Million Cryptocurrency Hack
2019-09-30 • Lifars
The LIFARS case study describes a $67 million cryptocurrency-mining marketplace theft ultimately linked to Hidden Cobra. The initial intrusion used social engineering that impersonated a company system engineer and mimicked a Google Docs weekly-report invitation sent through an anonymous email service. The attack defeated SPF controls and exploited common startup security weaknesses rather than relying on highly advanced malware. The case highlights credential and cloud-workflow abuse, business-process trust, and rapid operational execution in a large cryptocurrency theft.