A 29-year-old man in Ukraine was recently arrested for illegally mining about $2 million in cryptocurrency. He used hacked accounts to set up 1 million virtual servers for this purpose.
Europol busts cybercriminal behind multi-million dollar crypto theft
Europol disclosed that the suspect is the mastermind behind a large-scale cryptojacking scheme. Cryptojacking involves taking control of others’ cloud computing resources to mine cryptocurrency.
These cybercriminals exploit the computing power of other people’s servers, harming the compromised organizations, which experience degraded CPU and GPU performance due to the mining activity. In on-premises compromises, the affected organizations also have to bear the cost of the increased power usage from mining operations.
A report from Sysdig in 2022 estimated that the damage from cryptojacking is approximately $53 for every $1 worth of Monero (XMR) mined by cybercriminals on hijacked devices.
Europol became aware of this cryptojacking attack in January 2023 when a cloud service provider detected compromised accounts on its platform. Europol, along with Ukrainian police and the cloud provider, collaborated to gather intelligence for tracking down and identifying the hacker.
The police arrested the hacker on January 9th and seized computer equipment, bank and SIM cards, electronic media, and other evidence of illegal activity. According to Ukrainian cyberpolice, the suspect has been active since 2021, initially using automated tools to brute force passwords for 1,500 accounts of a subsidiary of one of the world’s largest e-commerce entities.
The threat actor gained access to administrative privileges using these accounts and created over a million virtual computers for the crypto-mining scheme. The suspect was using TON cryptocurrency wallets to transfer the illegal proceeds, amounting to around $2 million.
The arrested individual faces criminal charges under Part 5 of Art. 361 (unauthorized interference in the work of information, electronic communication, electronic communication networks) of the Criminal Code of Ukraine.
To mitigate the risk of such attacks, monitor for unusual activity such as unexpected spikes in resource usage, deploy endpoint protection and intrusion detection systems, and restrict administrative privileges and access to critical resources to those who need them. Regularly applying security updates to all software is crucial, as cryptojackers often exploit documented flaws in cloud platforms for their initial compromise. Finally, enabling two-factor authentication (2FA) on all administrative accounts adds an extra layer of security in case credentials are stolen.
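The two signals that stand out in this case, a password brute force ending in a successful login and one account launching far more instances than normal, can both be picked out of cloud audit logs with simple sliding-window checks. The following is an added example written for this article, not code from Europol, the cloud provider or the police; the record fields (`ts`, `user`, `event`, `ok`, `src`) and event names are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def _ev(ts, user, event, ok=True, src="203.0.113.7"):
    # Record shape is an assumption, not any provider's real audit format.
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "event": event, "ok": ok, "src": src}

# Constructed sample log (not real data): 12 failed logins then a success
# for svc-build, then 30 instance launches in 30 seconds; alice is benign.
EVENTS = [_ev(f"2023-01-05T10:00:{i:02d}", "svc-build", "Login", ok=False)
          for i in range(12)]
EVENTS.append(_ev("2023-01-05T10:00:12", "svc-build", "Login"))
EVENTS += [_ev(f"2023-01-05T10:01:{i:02d}", "svc-build", "RunInstances")
           for i in range(30)]
EVENTS += [_ev(f"2023-01-05T{11 + i}:00:00", "alice", "RunInstances",
               src="198.51.100.4") for i in range(3)]

def _recent(times, now, window):
    return [t for t in times if now - t <= window]

def brute_force_logins(events, max_failures=10, window=timedelta(minutes=10)):
    """(user, src) for each successful login preceded by at least
    max_failures failed attempts for that user inside `window`."""
    failures, hits = defaultdict(list), []
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != "Login":
            continue
        failures[e["user"]] = _recent(failures[e["user"]], e["ts"], window)
        if not e["ok"]:
            failures[e["user"]].append(e["ts"])
        elif len(failures[e["user"]]) >= max_failures:
            hits.append((e["user"], e["src"]))
    return hits

def launch_bursts(events, max_launches=20, window=timedelta(minutes=5)):
    """Users who launched more than max_launches instances inside `window`."""
    launches, flagged = defaultdict(list), set()
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["event"] != "RunInstances":
            continue
        launches[e["user"]] = _recent(launches[e["user"]], e["ts"], window)
        launches[e["user"]].append(e["ts"])
        if len(launches[e["user"]]) > max_launches:
            flagged.add(e["user"])
    return sorted(flagged)

if __name__ == "__main__":
    print("brute force:", brute_force_logins(EVENTS))   # [('svc-build', '203.0.113.7')]
    print("launch bursts:", launch_bursts(EVENTS))      # ['svc-build']
```

The thresholds are starting points; tune them to each account's normal launch rate, and treat a brute-force hit followed by a launch burst from the same principal as a high-priority alert.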
Featured image credit: Cyberpolice.gov.ua