  • Hacker spins up 1 million virtual servers to illegally mine crypto

    Karlston

    • 481 views
    • 3 minutes

    A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. 

     

    As announced today by Europol, the suspect is believed to be the mastermind behind a large-scale cryptojacking scheme that involves hijacking cloud computing resources for crypto-mining.

     

    By using the computing resources of others' servers to mine cryptocurrency, the cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.

     

    For on-premise compromises, the damage extends to having to pay for increased power usage, commonly generated by miners.

     

    A 2022 report from Sysdig estimated the damage from cryptojacking to be about $53 for every $1 worth of Monero (XMR) the cybercriminals mine on hijacked devices.

     

    Europol says they first learned of the cryptojacking attack in January 2023 from a cloud service provider who was investigating compromised cloud accounts on their platform.

     

    Europol, the Ukrainian police, and the cloud provider worked together to develop operational intelligence that could be used to track down and identify the hacker.

     

    The police say they arrested the hacker on January 9th, when they seized computer equipment, bank and SIM cards, electronic media, and other evidence of illegal activity.

     

    [Image: Items seized during the suspect's arrest. Source: cyberpolice.gov.ua]

     

    A separate report by the Ukrainian cyberpolice explains that the suspect has been active since 2021, when he used automated tools to brute-force the passwords of 1,500 accounts of a subsidiary of one of the world's largest e-commerce entities.

     

    Europol and Ukraine have not identified the e-commerce company or its subsidiary.

     

    The threat actor then used these accounts to gain access to administrative privileges, which were used to create more than one million virtual computers for use in the cryptomining scheme.

     

    The Ukrainian authorities confirmed that the suspect was using TON cryptocurrency wallets to move the illegal proceeds, with transactions equal to roughly $2 million.

     

    The arrested individual now faces criminal charges under Part 5 of Art. 361 (unauthorized interference in the work of information, electronic communication, electronic communication networks) of the Criminal Code of Ukraine.

    Mitigating the risk

    Threat actors commonly target cloud services to hijack computing resources for illegal cryptocurrency mining.

     

    Methods to defend against cryptojacking attacks include monitoring for unusual activity like unexpected spikes in resource usage, implementing endpoint protection and intrusion detection systems, and limiting administrative privileges and access to critical resources only to those needing them.

     

    Cryptojackers often exploit documented flaws in cloud platforms to achieve an initial compromise. So, regularly applying the available security updates on all software is crucial to protecting systems against external threats.

     

    Finally, all administrative accounts should have 2FA enabled in case their credentials are stolen.
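
As an added illustration of the monitoring advice above (not code from the article or from any cloud provider), the following sketch scans audit events for accounts that create an unusual burst of virtual machines in a short window and notes whether the burst came from a session without 2FA. The event schema (`time`, `account`, `action`, `mfa`), the `vm.create` action name, the thresholds, and the sample data are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def flag_vm_bursts(events, window=timedelta(minutes=10), threshold=20):
    """Return {account: {"peak": n, "no_mfa": bool}} for accounts whose
    VM creations within any sliding window reach the threshold.

    events: dicts with hypothetical fields 'time' (ISO 8601), 'account',
    'action' and 'mfa' (True if the session passed a second factor).
    """
    recent = defaultdict(deque)  # account -> creation times inside the window
    findings = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] != "vm.create":
            continue
        ts = datetime.fromisoformat(ev["time"])
        q = recent[ev["account"]]
        q.append(ts)
        while ts - q[0] > window:  # drop creations older than the window
            q.popleft()
        if len(q) >= threshold:
            f = findings.setdefault(ev["account"], {"peak": 0, "no_mfa": False})
            f["peak"] = max(f["peak"], len(q))
            f["no_mfa"] = f["no_mfa"] or not ev["mfa"]
    return findings


def sample_events():
    """Constructed data: a routine build account and one creation burst."""
    base = datetime(2024, 1, 8, 9, 0, 0)
    routine = [{"time": (base + timedelta(hours=h)).isoformat(),
                "account": "build-svc", "action": "vm.create", "mfa": True}
               for h in range(6)]
    burst = [{"time": (base + timedelta(seconds=5 * i)).isoformat(),
              "account": "admin-07", "action": "vm.create", "mfa": False}
             for i in range(60)]
    return routine + burst


if __name__ == "__main__":
    for account, f in flag_vm_bursts(sample_events()).items():
        print(f"ALERT {account}: {f['peak']} VM creations in window, "
              f"session without 2FA: {f['no_mfa']}")
```

In practice the threshold would be tuned per account against its own history, and an alert like this is most useful when paired with a hard quota on instance creation.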

     

    Source

