A Ukrainian national was arrested last week on suspicion of infecting the servers of a “well-known” American cloud service provider with cryptomining malware, according to Ukrainian police.
The suspect, a 29-year-old hacker from the southern city of Mykolaiv, is believed to have illegally mined more than $2 million worth of cryptocurrencies over the past two years.
Police said they searched three of the suspect’s properties to collect evidence and seized computer equipment, bank cards and other electronic devices.
The hacker’s arrest in early January came after “months of cooperation” between Ukrainian authorities, Europol, and cloud providers affected by the scheme. Authorities did not name the affected cloud company, but Ukrainian police said it was a well-known American company.
Misuse of cloud computing resources is one of several ways cybercriminals illegally mine digital coins.
“By stealing cloud resources to mine cryptocurrencies, criminals can avoid paying for the required servers and electricity, the costs of which typically outweigh the benefits,” Europol said. “Compromised account holders will be left with huge cloud bills.”
Police said the suspect hacked into 1,500 subsidiary accounts starting in 2021 and infected the servers of “one of the world’s largest e-commerce companies.” The attacker used custom-built software to automate password guessing, a technique known as a brute-force attack.
The hacker used the compromised accounts to remotely access the target systems and infect them with cryptomining malware. Police say he used more than 1 million virtual computers to run his malware.
The affected cloud providers brought information about compromised cloud user accounts to Europol in January 2023. Europol shared this information with Ukrainian authorities, after which an investigation was launched.
This is not the first time a cloud service has been compromised for cryptomining. In early May, researchers tracked down a group of financially motivated hackers who attacked Amazon Web Services (AWS) accounts to launch illegal mining operations.
Attackers began their operations by finding publicly available AWS access credentials or hacking into services like GitLab to gather information.
Daryna Antoniuk is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyber attacks in Eastern Europe, and the state of the cyber war between Ukraine and Russia. She previously served as a technology reporter for Forbes Ukraine. Her work has also appeared in Sifted, The Kyiv Independent and The Kyiv Post.