Hacker Spins Up 1 Million Virtual Servers to Illegally Mine Crypto

Last week, Europol announced the arrest of a 29-year-old Ukrainian national who used compromised accounts to create one million virtual servers for a worldwide cryptojacking scheme. The individual is suspected of having been active since 2021 and is known for hijacking cloud computing resources for crypto-mining. Starting in 2021, the attacker targeted one of the world's largest e-commerce companies, using automated tools to brute-force the passwords of 1,500 accounts belonging to one of its subsidiaries. Those accounts were then used to obtain administrative privileges, which in turn were used to create more than one million virtual machines for the mining operation. In total, law enforcement says the individual mined roughly $2 million in cryptocurrency, which was laundered through TON cryptocurrency wallets.

Law enforcement arrested the individual after an unnamed cloud provider approached Europol in January 2023 about compromised cloud user accounts. Working with the cloud provider and the Ukrainian police, Europol tracked down and identified the suspect, who was arrested on January 9th; investigators seized the individual's computer equipment, bank and SIM cards, electronic media, and other evidence.

Security Officer Comments:
The development comes shortly after the SEC approved several spot Bitcoin exchange-traded funds on January 10, 2024. With a U.S. regulator now having approved regulated Bitcoin investment products, the asset class is likely to attract more investors, including large institutions, making them prime targets for cybercriminals. Although the price of Bitcoin has dropped since the SEC approval in a sell-the-news fashion, the cryptocurrency will likely increase in value as a digital asset. As a result, this may lead to an increase in cybercriminals hijacking computing resources for illegal cryptocurrency mining.

Suggested Corrections:
To defend against cloud cryptojacking, Europol encourages cloud users and providers to implement robust security practices, as indicated below.

  • Strong access controls: use strong authentication methods and access controls to prevent unauthorised access to cloud resources.
  • Regular monitoring: continuously monitor cloud environments for suspicious activities, unauthorised access, and unexpected resource utilisation.
  • Security updates: keep all cloud resources, including virtual machines and containers, updated with the latest security patches to mitigate vulnerabilities.
  • Use security services: consider using cloud security services and tools provided by cloud service providers to enhance security.
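The case above exposes two behaviours that "regular monitoring" should catch: automated password guessing across many accounts of one tenant, and a single compromised principal then launching an enormous number of virtual machines. The following Python script is an added example written for this page; it is not code from Europol, the cloud provider, or any vendor. It runs a password-spray detector and a VM-launch-burst detector over a constructed, simplified audit-log sample and then correlates the two signals into the takeover-to-mining chain. The event schema (`time`, `event`, `user`, `src_ip`, `outcome`) and the event names `ConsoleLogin` and `RunInstances` are assumptions; map them onto the field names of your provider's audit log.

```python
"""Added example: detection logic for the two behaviours in the Europol case,
run over a constructed audit-log sample. The schema and event names are
assumptions, not any provider's real format."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real telemetry): one line of JSON per event.
# 203.0.113.7 fails logins against 25 different accounts in 25 seconds,
# succeeds against svc-017, and that account then launches a VM every minute
# for an hour. alice is normal activity from a different address.
SAMPLE_LOG = "\n".join(json.dumps(e) for e in (
    [{"time": f"2024-01-05T10:00:{i:02d}Z", "event": "ConsoleLogin",
      "user": f"svc-{i:03d}", "src_ip": "203.0.113.7", "outcome": "Failure"}
     for i in range(25)]
    + [{"time": "2024-01-05T10:00:40Z", "event": "ConsoleLogin",
        "user": "svc-017", "src_ip": "203.0.113.7", "outcome": "Success"}]
    + [{"time": f"2024-01-05T11:{m:02d}:00Z", "event": "RunInstances",
        "user": "svc-017", "src_ip": "203.0.113.7", "outcome": "Success"}
       for m in range(60)]
    + [{"time": "2024-01-05T12:30:00Z", "event": "ConsoleLogin",
        "user": "alice", "src_ip": "198.51.100.4", "outcome": "Failure"},
       {"time": "2024-01-05T12:30:20Z", "event": "ConsoleLogin",
        "user": "alice", "src_ip": "198.51.100.4", "outcome": "Success"},
       {"time": "2024-01-05T12:31:00Z", "event": "RunInstances",
        "user": "alice", "src_ip": "198.51.100.4", "outcome": "Success"}]
))


def parse_events(raw):
    """Parse newline-delimited JSON events and return them sorted by timestamp."""
    events = []
    for line in raw.splitlines():
        if line.strip():
            e = json.loads(line)
            e["ts"] = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def max_in_window(times, window):
    """Largest number of (sorted) timestamps that fall within any span of length `window`."""
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=10):
    """Source IPs whose failed logins touch >= min_accounts distinct users inside one window.
    Counting distinct *users* per source, not raw failures, is what separates automated
    guessing across a tenant's account list from one person mistyping a password."""
    failures = defaultdict(list)
    for e in events:
        if e["event"] == "ConsoleLogin" and e["outcome"] == "Failure":
            failures[e["src_ip"]].append(e)
    alerts = {}
    for ip, evs in failures.items():
        peak = 0
        for i, first in enumerate(evs):  # evs are already time-sorted
            users = {e["user"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            peak = max(peak, len(users))
        if peak >= min_accounts:
            alerts[ip] = peak
    return alerts


def detect_launch_burst(events, window=timedelta(hours=1), max_launches=20):
    """Principals that launched more than max_launches VMs inside one window.
    max_launches should come from the tenant's own baseline, not a guess."""
    launches = defaultdict(list)
    for e in events:
        if e["event"] == "RunInstances" and e["outcome"] == "Success":
            launches[e["user"]].append(e["ts"])
    alerts = {}
    for user, ts in launches.items():
        n = max_in_window(ts, window)
        if n > max_launches:
            alerts[user] = n
    return alerts


def correlate(events, spray_alerts, burst_alerts):
    """Users who logged in successfully from a spraying IP and then launched a VM burst:
    the account-takeover-to-cryptojacking chain, rather than either signal alone."""
    taken_over = {e["user"] for e in events
                  if e["event"] == "ConsoleLogin" and e["outcome"] == "Success"
                  and e["src_ip"] in spray_alerts}
    return sorted(taken_over & set(burst_alerts))


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    spray, burst = detect_password_spray(evs), detect_launch_burst(evs)
    print("password spray sources:", spray)      # {'203.0.113.7': 25}
    print("VM launch bursts:", burst)            # {'svc-017': 60}
    print("takeover -> mining chain:", correlate(evs, spray, burst))  # ['svc-017']
```

The thresholds are starting points, not tuned values: `max_launches` in particular must be derived from the tenant's own baseline of instance creation, or the rule will either page constantly or miss a slow ramp. The spray rule keys on a single source IP, so an attacker rotating through many addresses would fall under it; in production, pair it with a per-tenant view of distinct accounts failing across all sources. Detection also only shortens the time to discovery; the accounts in this case were still brute-forceable, so the first bullet (MFA-backed authentication and lockout or rate limiting on failed logins) and a hard quota on who may create compute at all remove the opportunity rather than merely spotting it.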