Hacker Illegally Mines Cryptocurrency Using 1 Million Hijacked Virtual Servers

Ukrainian authorities, in conjunction with Europol, recently announced the arrest of a 29-year-old man in Ukraine suspected of orchestrating one of the largest known cryptojacking schemes, a massive operation that illegally used over 1 million compromised cloud computing instances to mine over $2 million worth of cryptocurrency. According to reports from Europol and Ukrainian authorities, the sophisticated scheme highlights ongoing risks from cybercriminals attempting to leverage others’ computing resources for illicit financial gain.

Rise of a Cryptojacker

Investigations into the case began this January when a major cloud services provider alerted Europol about unusual activity detected across numerous customer accounts. Upon further analysis, officials determined that an outside individual had breached over 1,500 credentials from a subsidiary of a top global e-commerce company in 2021. Using automated tools to brute-force weak passwords, the perpetrator gained administrative access and privileges to these accounts.

It’s alleged they then leveraged this access to programmatically launch over 1 million virtual servers and computing instances across the provider’s infrastructure without authorization or payment. Forensics show these instances were used to secretly install specialized crypto-mining malware, which works to silently mine cryptocurrency like Monero without the knowledge of the real customers or server owners. The scale of the operation indicates it generated vast computing power for mining that likely degraded performance for legitimate users.

Through Their Own Words

Collaborating with Europol, Ukrainian police were able to utilize digital evidence and intelligence on suspicious financial transactions to locate and apprehend the main suspect on January 9th. Following an investigation of several properties, authorities state they found significant evidence confirming the individual’s involvement, including mining rigs, cryptocurrency wallets, and online accounts used to control the botnet of hijacked cloud resources.

Per reports, the arrested person has openly admitted to developing custom tools and using social engineering to breach numerous accounts since 2021. They have also acknowledged employing the compromised servers and instances for mining, yielding over $2 million in illegally obtained Monero to date. Police files tracking the suspicious transactions show funds were laundered through various exchanges and wallets in an attempt to obscure the criminal origin of the money.

Mitigating Further Risks

As this case illustrates, threat actors continue targeting internet-connected systems and cloud platforms to anonymously “mine” cryptocurrency at others’ expense. According to specialists, the average damage caused per dollar of Monero mined in these types of cryptojacking schemes can exceed costs by over 50 times due to excessive resource consumption.

Moving forward, robust user authentication, endpoint protections, activity monitoring, and software updates will be crucial defensive layers for organizations. Strictly limiting administrative control to authorized personnel can also prevent escalations like this once an initial intrusion occurs. As cryptocurrency drives new criminal business models, vigilance and cross-industry collaboration on cyber investigations will remain important to counter evolving cyber threats.
