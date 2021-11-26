



Cryptocurrency miners are using hacked Google Cloud accounts for compute-intensive mining purposes, Google warns.

A search giant cybersecurity team provided details of a security breach in a report published Wednesday. The so-called “Threat Holidays” report aims to provide intelligence that enables organizations to keep their cloud environment secure.

“We have seen malicious attackers performing cryptocurrency mining inside compromised cloud instances,” Google wrote in the report’s executive summary.

Cryptocurrency mining is a commercial activity and often requires a great deal of computing power. This is accessible to Google Cloud customers for a fee. Google Cloud is a remote storage platform that allows customers to store data and files offsite.

Google said that 86% of the 50 recently compromised Google cloud accounts were used to perform cryptocurrency mining. According to Google, most of the breaches downloaded cryptocurrency mining software within 22 seconds of the account being breached.

Approximately 10% of compromised accounts are also used to scan other published resources on the Internet to identify vulnerable systems, and 8% of instances attack other targets. Was used for.

Bitcoin, the world’s most popular cryptocurrency, has been criticized for being too energy-intensive. Bitcoin mining uses more energy than some countries. In May, police attacked a suspected cannabis farm and realized it was actually an illegal Bitcoin mine.

“Of course, the situation of the cloud threat in 2021 was more complicated than just a rogue cryptocurrency miner,” said Bob Mechler, Google Cloud’s chief information security officer’s office director, and Seth Rosenblatt, Google Cloud’s security editor, on a blog. I am writing. director.

They also said that Google researchers exposed a phishing attack by Russian group APT28 / Fancy Bear at the end of September, adding that Google stopped the attack.

Google researchers also identified a North Korean government-backed threat group that Samsung recruiters pretended to send malicious attachments to employees of several South Korean anti-malware cybersecurity companies. They added.

