Article Details
Scrape Timestamp (UTC): 2024-01-13 10:06:22.599
Source: https://thehackernews.com/2024/01/29-year-old-ukrainian-cryptojacking.html
Original Article Text
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 million) in illicit profits.

The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following "months of intensive collaboration."

"A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs," Europol said, adding it shared the intelligence with the Ukrainian authorities.

As part of the probe, three properties were searched to unearth evidence against the suspect.

Cryptojacking refers to a type of cyber crime that entails the unauthorized use of a person's or organization's computing resources to mine cryptocurrencies.

On the cloud, such attacks are typically carried out by infiltrating the infrastructure via compromised credentials obtained through other means and installing miners that use the infected host's processing power to mine crypto without the owner's knowledge or consent.

"If the credentials do not have the threat actors' desired permissions, privilege escalation techniques are used to obtain additional permissions," Microsoft noted in July 2023. "In some cases, threat actors hijack existing subscriptions to further obfuscate their operations."

The core idea is to avoid paying for the infrastructure required to mine cryptocurrencies, either by taking advantage of free trials or by compromising legitimate tenants to conduct cryptojacking attacks.

In October 2023, Palo Alto Networks Unit 42 detailed a cryptojacking campaign in which threat actors were found stealing Amazon Web Services (AWS) credentials from GitHub repositories within five minutes of their public disclosure to mine Monero.
Daily Brief Summary
A 29-year-old from Ukraine has been detained for orchestrating a large-scale cryptojacking operation, accruing over $2 million.
The National Police of Ukraine made the arrest with support from Europol and an unnamed cloud service provider.
Europol got involved after the cloud provider reported compromised user accounts in January 2023.
Multiple properties were searched to collect evidence against the suspect, who had been tapping into cloud services for cryptocurrency mining.
Cryptojacking involves unauthorized use of computing resources to mine cryptocurrencies, frequently through compromised credentials and escalated privileges.
Perpetrators exploit cloud infrastructures, often leveraging free trials or breaching legitimate accounts to conduct their illegal activities.
Prior reports by Palo Alto Networks Unit 42 reveal related incidents where AWS credentials were hijacked from GitHub for cryptojacking within minutes of exposure.