Hackers Arrested for Cryptojacking 1 Million Virtual Servers

Last Updated on January 15, 2024 by SPN Editor

Ukrainian authorities, in collaboration with Europol and an unnamed cloud service provider, have apprehended a 29-year-old individual on charges of Cryptojacking and illicitly mining cryptocurrencies by compromising cloud accounts. The arrest, which took place on January 9 in Mykolaiv, was part of a joint effort to dismantle what Europol described as a ‘sophisticated cryptojacking scheme.’

According to Europol’s statement on January 12, the suspect is alleged to have engaged in Cryptojacking and mined over $2 million (€1.8 million) in cryptocurrencies by exploiting compromised accounts. The Ukrainian cyber police, also involved in the operation, revealed that the individual employed automated tools to breach the passwords of 1,500 accounts associated with a subsidiary of an unnamed e-commerce entity.

The accused is believed to have utilized the compromised accounts to gain administrative privileges, subsequently creating over one million virtual computers for a large-scale cryptocurrency mining operation. TON cryptocurrency wallets were purportedly used to facilitate the movement of the ill-gotten gains.

The investigation was triggered by a tip-off from the cloud service provider, which approached Europol in January 2023 with information about compromised cloud user accounts. Three properties were searched during the operation, and Europol’s European Cybercrime Centre (EC3) established a virtual command post, supporting the Ukrainian National Police with analysis and forensic assistance.

It has been disclosed that the apprehended suspect has been Cryptojacking since 2021. During this time, automated tools were allegedly employed to forcefully breach the passwords of 1,500 accounts linked to a subsidiary of one of the world’s largest e-commerce entities. However, Europol and Ukrainian authorities have refrained from disclosing the identity of the e-commerce company or its subsidiary. The Main Investigation Department of the National Police has initiated criminal proceedings under Part 5 of Article 361 of the Criminal Code of Ukraine, focusing on unauthorized interference with information systems.

Cryptojacking in a cloud environment involves unauthorized access to cloud computing infrastructure by malicious actors, utilizing its computational power for cryptocurrency mining. This allows cryptojackers to avoid the expenses associated with servers and power, maximizing their profits. Importantly, compromised account holders are often left with significant cloud bills.

Following the compromise of these accounts, the threat actor purportedly exploited them to acquire administrative privileges. These privileges, in turn, were utilized to generate over one million virtual computers as part of an extensive cryptomining operation. TON cryptocurrency wallets were reportedly employed by the suspect to facilitate the movement of the illicit proceeds, amounting to approximately $2 million.

To mitigate the risk of such cyber threats, organizations are advised to adopt proactive measures. Monitoring for unusual activities, particularly unexpected spikes in resource usage, serves as an early detection mechanism. Implementing robust endpoint protection and intrusion detection systems further fortifies the defense against cryptojacking attempts. Additionally, restricting administrative privileges and providing access to critical resources only to those who require them is crucial in preventing unauthorized access.

Cryptojackers often exploit known vulnerabilities in cloud platforms for their initial compromise. Therefore, maintaining the security of systems involves regularly applying available security updates across all software to guard against external threats.

Ensuring that all administrative accounts incorporate two-factor authentication (2FA) adds an extra layer of security, safeguarding against the potential compromise of credentials. These proactive measures collectively contribute to a more resilient defense against the growing threat of illicit cryptocurrency mining activities.

Some Ways to Prevent Cryptojacking

Defending against cryptojacking – the unauthorized use of computing resources for cryptocurrency mining – requires a multifaceted approach. Here are detailed strategies to prevent cryptojacking and fortify your digital defenses:

Install Ad-Blockers: Ad-blockers serve as a frontline defense by preventing cryptojacking scripts from executing. By blocking malicious ads and scripts, users can significantly reduce the risk of inadvertently participating in crypto-mining activities.

Keep Systems Updated: Regularly updating operating systems and software is paramount. Updates often include security patches that address vulnerabilities exploited by cryptojackers. Timely updates contribute to a robust defense against evolving threats.

Block URLs/IPs of Infected Sites and Mining Pools: Organizations can proactively block URLs and IPs associated with infected cryptojacking sites and domains hosting crypto-mining pools. This preventive measure helps curb unauthorized access to computing resources.

Implement Network System Monitoring: Continuous monitoring of network systems enables the early detection of anomalies such as excessive resource utilization. Unusual spikes in CPU or GPU usage may indicate cryptojacking attempts. Implementing effective monitoring tools provides a proactive response to potential threats.

Educate End Users: Awareness is a powerful defense. Educate end users about the signs of cryptojacking, including sluggish system performance, delays in execution, overheating, increased power consumption, or unexpectedly high cloud computing bills. Vigilant users can play a crucial role in identifying and reporting potential threats.

Use Anti-Cryptojacking Extensions: Browser-level protection is essential. Anti-cryptojacking extensions, available for various browsers, actively block cryptomining activities. These extensions analyze website scripts in real-time, preventing the execution of cryptojacking code.

Exercise Caution with Email Attachments and Downloads: Cryptojacking malware often infiltrates systems through malicious email attachments or downloads. Users should exercise caution and avoid opening attachments or downloading files from unknown or untrusted sources. Implementing robust email security protocols adds an extra layer of defense.