
ESET and Dutch police expose Ebury botnet’s cryptocurrency theft operations


Dutch cybersecurity specialists have linked a major cryptocurrency theft to the infamous Ebury botnet, responsible for compromising over 400,000 servers over a 15-year period.

According to a report from Slovakian cybersecurity firm ESET, the incident was initially uncovered during a 2021 investigation by the Dutch National High Tech Crime Unit (NHTCU). During this investigation, operatives found the Ebury botnet on a server linked to crypto theft.

After this revelation, the Dutch crime unit collaborated with ESET, led by researcher Marc-Etienne Léveillé, who had been studying Ebury for over a decade.

Ebury operators allegedly used a sophisticated attack dubbed adversary-in-the-middle (AitM) to steal the crypto funds. In this attack, the botnet intercepts network traffic and captures login credentials and session information.

“Cryptocurrency theft was not something that we’d ever seen them do before,” Léveillé noted.

The botnet redirects this traffic to servers controlled by the cybercriminals, allowing them to access and steal cryptocurrency from the victims' wallets. In its report, ESET revealed that over 100,000 servers remained infected as of 2023.

Ebury specifically targets Bitcoin and Ethereum nodes, making off with wallets and other valuable credentials. The botnet would steal the funds once the unsuspecting victims entered their credentials on the infected server.

Flowchart of Ebury’s attack on crypto wallets | Source: welivesecurity

Further, once a victim's system was compromised, Ebury would exfiltrate credentials and use them to infiltrate related systems. The report identified a wide array of victims, including universities, enterprises, internet service providers, and cryptocurrency traders.

The attackers also employ stolen identities to rent servers and deploy their attacks. As such, it is very difficult for law enforcement agencies to track down the identities of those behind this cybercrime racket.

“They’re really good at blurring the attribution,” Léveillé added.

One Ebury operator, Maxim Senakh, was arrested at the Finland-Russia border in 2015 and was extradited to the United States. The U.S. Department of Justice charged Senakh with computer fraud, to which he pleaded guilty in 2017. He was sentenced to four years behind bars.

While the masterminds behind Ebury remain at large, the NHTCU has revealed that several leads are being pursued.

Crypto thefts have become increasingly complicated over the years. Earlier this month, North Korean hackers employed a new malware variant dubbed “Durian” in targeted attacks on at least two cryptocurrency firms.

Prior to that, a January report from cybersecurity firm Kaspersky revealed that malware was targeting cryptocurrency wallets on macOS.