Coinbase Cryptocurrency Exchange Hacked, Sensitive Data Stolen

An unknown threat actor went to great lengths to try to compromise the internal systems of one of the most popular cryptocurrency exchanges on the planet through a phishing attack.

Although the attackers were ultimately able to breach the system, they were kicked out before they could do any serious damage. According to Coinbase, both customer funds and customer data are safe and sound.

The hacker first sent 5 phishing text messages to Coinbase employees, asking them to urgently log into their company accounts and read an important message. The messages contained a link to a page that impersonated the Coinbase corporate login page but was actually nothing more than a malicious landing page developed to steal coins and sensitive data.

Protected by MFA

While most of the employees saw through the scam, one did not and gave the hackers their login credentials. After logging in, the victim was thanked and asked to ignore the message. Although the attackers had the login credentials, there was little they could do with them, as the account was protected by multi-factor authentication (MFA).

That didn't stop them, though. They quickly called the victim on the phone, posing as the company's IT department, and instructed the employee to log into their workstation and follow multiple instructions.

"Fortunately, no funds were taken and no customer information was accessed or viewed from the service, but some limited contact information was taken from our employees, including employee names, email addresses, and certain phone numbers," Coinbase explained.

It took the Coinbase CSIRT around ten minutes to realize the company was under attack and contact the victim about the unusual activity.

At this point, the victim realized that they had been tricked and ended communication with the attacker.

No one can know for sure who is behind the campaign, but it follows a modus operandi akin to that seen in last year's Scatter Swine/0ktapus phishing campaigns.

At that time, Group-IB cybersecurity specialists claimed that the attackers managed to steal almost one with zero corporate access credentials by sending phishing text messages.

Via: BleepingComputer