Ukrainian Hacker Arrested For $2 Million Cryptocurrency Mining Scheme Using 1 Million Hijacked Cloud Servers
A 29-year-old Ukrainian man was arrested this week for allegedly masterminding a massive cryptojacking operation that earned $2 million by illegally mining cryptocurrency using over 1 million compromised cloud servers.
The scheme first came to light in January 2023, when a major cloud service provider noticed suspicious activity on some customer accounts. An investigation revealed that the hacker had brute-forced his way into 1,500 accounts belonging to a subsidiary of one of the world’s biggest e-commerce companies.
From there, he gained administrative access, which allowed him to spin up more than 1 million virtual machines on the hijacked cloud accounts. The suspect then installed cryptocurrency mining software on the servers to mine digital coins undetected, profiting at the expense of the cloud provider and its customers.
According to a report by Europol, which assisted Ukrainian police in tracking down the hacker, damage from such cryptojacking attacks can be steep.
For every $1 worth of Monero mined illegally, providers face around $53 in expenses related to the degraded performance and increased power consumption caused by unauthorized cryptocurrency mining programs running on their servers.
The hacker was finally arrested on January 9th after a joint investigation by Europol, Ukrainian law enforcement, and the affected cloud provider. The authorities seized the suspect’s computer equipment, storage devices, bank cards, and other evidence during the operation.
The arrested individual now faces up to six years in prison under Ukraine’s computer crime laws. Meanwhile, the cloud provider and its customers have likely incurred significant losses from the scheme.
How To Protect Against Cryptojacking Attacks
As cryptocurrency values climb, threat actors are increasingly hijacking computing resources for illegal crypto mining. Organizations can reduce their vulnerability to such cryptojacking schemes by:
- Monitoring systems for unusual spikes in resource usage or network traffic to uncover stealthy mining programs
- Implementing strong endpoint and network security tools like antivirus and intrusion detection software
- Restricting administrative account privileges to only those needing access
- Applying the latest security updates for all cloud platforms and software
- Enabling two-factor authentication (2FA) on administrative logins to secure credentials against brute-force attacks
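The first and last items above map directly onto the two signals the case describes: a brute-forced login followed by a burst of VM launches. As an added illustration (not code from the article, Europol, or the cloud provider), the script below runs both checks over constructed audit-log records; the record shape, the event names (`LoginFailure`, `LoginSuccess`, `RunInstances`) and the thresholds are assumptions modelled on typical cloud audit logs, not any specific provider's format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ts(rec):
    return datetime.fromisoformat(rec["ts"])

def _mk(minute, account, event, src="203.0.113.9", n=1):
    """Build n constructed records one second apart, starting at the given minute."""
    base = datetime(2023, 1, 5, 2, minute)
    return [{"ts": (base + timedelta(seconds=i)).isoformat(), "account": account,
             "event": event, "src": src} for i in range(n)]

# Constructed sample data in a hypothetical audit-log shape (not real logs).
AUDIT_LOG = (
    _mk(0, "sub-07", "LoginFailure", n=6)        # six rapid failed logins...
    + _mk(1, "sub-07", "LoginSuccess")           # ...then a success: brute force
    + _mk(2, "sub-07", "RunInstances", n=120)    # then a burst of VM launches
    + _mk(0, "sub-02", "LoginSuccess", src="198.51.100.4")
    + _mk(3, "sub-02", "RunInstances", src="198.51.100.4", n=3)  # normal usage
)

def find_brute_force(records, max_failures=5, window=timedelta(minutes=10)):
    """(account, src) pairs with >= max_failures failed logins inside `window`
    that were then followed by a LoginSuccess from the same source."""
    fails, hits = defaultdict(list), set()
    for rec in sorted(records, key=_ts):
        key = (rec["account"], rec["src"])
        if rec["event"] == "LoginFailure":
            fails[key].append(_ts(rec))
        elif rec["event"] == "LoginSuccess":
            recent = [t for t in fails[key] if _ts(rec) - t <= window]
            if len(recent) >= max_failures:
                hits.add(key)
            fails[key].clear()
    return sorted(hits)

def find_launch_bursts(records, threshold=50, window=timedelta(hours=1)):
    """Accounts that launched more than `threshold` VMs inside any `window`,
    mapped to the largest burst size seen (sliding window over sorted times)."""
    launches = defaultdict(list)
    for rec in records:
        if rec["event"] == "RunInstances":
            launches[rec["account"]].append(_ts(rec))
    flagged = {}
    for account, times in launches.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged[account] = max(flagged.get(account, 0), end - start + 1)
    return flagged

if __name__ == "__main__":
    print("brute force:", find_brute_force(AUDIT_LOG))
    print("launch bursts:", find_launch_bursts(AUDIT_LOG))
```

In a real deployment the thresholds should be set from each account's historical baseline, and the `LoginSuccess` after failures is the event worth alerting on even before any VM launches appear.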
With vigilance and proactive security measures, companies can help shut the door on profit-motivated hackers looking to exploit IT infrastructure for illicit cryptocurrency gains.