29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Abusing Cloud Services

As part of a “sophisticated cryptojacking scheme,” a 29-year-old Ukrainian national has been detained; the operation brought in over $2 million (€1.8 million) in illegal revenues.

With assistance from Europol and an unidentified cloud service provider, the National Police of Ukraine captured the individual dubbed the “mastermind” of the operation on January 9 in Mykolaiv, Ukraine, after “months of intensive collaboration.”

“In January 2023, a cloud provider contacted Europol with details about their compromised cloud user accounts,” the agency stated, noting that it forwarded the information to the Ukrainian authorities.

In a different statement, the Cyber Police of Ukraine stated that the suspect had, at least since 2021, “infected the servers of a well-known American company with a miner virus,” breaking into 1,500 accounts of the organisation with the help of specialised brute-force techniques.

According to the agency, “the hacker gained access to the management of the service using the compromised accounts.” “The hacker built over a million virtual computers to guarantee the malware ran smoothly.”

Three residences were searched as part of the investigation to find evidence against the suspect.

“Cryptojacking” is a kind of cybercrime that involves using an individual’s or an organization’s computer resources without authorization in order to mine cryptocurrencies.

Such attacks are usually carried out in the cloud: the attacker breaks into the infrastructure using compromised credentials obtained by other means, then installs miners that use the infected host’s processing capacity to mine cryptocurrency without the owner’s knowledge or consent.

“If the credentials do not have the threat actors’ desired permissions, privilege escalation techniques are used to obtain additional permissions,” Microsoft stated in July 2023. “In some cases, threat actors hijack existing subscriptions to further obfuscate their operations.”

The main idea is to abuse free trials or break into reputable tenants’ resources to carry out cryptojacking attacks, thereby avoiding paying for the infrastructure needed to mine cryptocurrency.

Palo Alto Networks Unit 42 published a report on a cryptojacking campaign in October 2023. The campaign involved threat actors mining Monero by stealing Amazon Web Services (AWS) credentials from GitHub projects five minutes after they were made public.
