29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services
13.1.24 Cryptocurrency The Hacker News
A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 million) in illicit profits.
The person was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following "months of intensive collaboration."
"A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs," Europol said, adding it shared the intelligence with the Ukrainian authorities.
As part of the probe, three properties were searched to unearth evidence against the suspect.
Cryptojacking refers to a type of cyber crime that entails the unauthorized use of a person's or organization's computing resources to mine cryptocurrencies.
On the cloud, such attacks are typically carried out by infiltrating the infrastructure via compromised credentials obtained through other means and installing miners that use the infected host's processing power to mine crypto without their knowledge or consent.
"If the credentials do not have the threat actors' desired permissions, privilege escalation techniques are used to obtain additional permissions," Microsoft noted in July 2023. "In some cases, threat actors hijack existing subscriptions to further obfuscate their operations."
The core idea is to avoid paying for necessary infrastructure required to mine cryptocurrencies, either by taking advantage of free trials or compromising legitimate tenants to conduct cryptojacking attacks.
In October 2023, Palo Alto Networks Unit 42 detailed a cryptojacking campaign in which threat actors were found stealing Amazon Web Services (AWS) credentials from GitHub repositories within five minutes of their public disclosure to mine Monero.