Cryptojacker abused compromised cloud accounts to mine €1.8 million


The 29-year-old individual, suspected of masterminding a sophisticated cryptojacking scheme, was arrested by the National Police of Ukraine with the support of Europol.

The suspect is believed to have mined over $2 million (EUR 1.8 million) in cryptocurrencies using stolen cloud resources, Europol announced.

The arrest in Mykolaiv, Ukraine, on January 9th, comes after months of intensive collaboration between Ukrainian authorities, Europol, and an unnamed cloud provider. Three properties were searched to gather evidence against the main suspect.


Cryptojacking is a malicious activity where an unauthorized actor uses someone else’s computing resources to mine crypto.

In this case, the cryptojacker abused compromised cloud accounts, leaving their legitimate users with huge cloud bills. Mining cryptocurrencies on cloud resources typically costs more than it earns, but the threat actor avoided paying for servers and power by stealing the resources.

“A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs. Europol shared this information with the Ukrainian authorities, who subsequently opened an investigation,” the press release reads.

It’s unclear how the investigation led to the arrest, but Europol noted that the case “illustrates the power of law enforcement joining forces with the private sector,” as three partners worked closely.

Europol’s European Cybercrime Centre (EC3) set up a virtual command post on the action day, supporting the Ukrainian National Police from Europol’s headquarters, with analysis and forensic support on the data gathered during the searches.

To defend oneself against cloud cryptojacking, Europol encourages cloud users and providers to implement robust security practices, as follows:

  • Strong access controls: use strong authentication methods and access controls to prevent unauthorized access to cloud resources.
  • Regular monitoring: continuously monitor cloud environments for suspicious activities, unauthorized access, and unexpected resource utilization.
  • Security updates: keep all cloud resources, including virtual machines and containers, updated with the latest security patches to mitigate vulnerabilities.
  • Use security services: consider using cloud security services and tools provided by cloud service providers to enhance security.