- Google said that 86% of the 50 recently compromised Google Cloud accounts were used to mine cryptocurrency.
- Cryptocurrency mining is a for-profit activity that often requires a large amount of computing power, which Google Cloud customers can access at a cost.
- “Malicious actors were observed mining cryptocurrency within compromised cloud instances,” Google wrote in an executive summary of the report.
Google has warned that cryptocurrency miners are using hacked Google Cloud accounts for computationally intensive mining purposes.
The search giant’s cybersecurity team provided details of the security breach in a report published on Wednesday. where did it go “Danger Horizon” report It aims to provide intelligence that allows organizations to keep their cloud environments secure.
“Malicious actors were seen mining cryptocurrency within compromised cloud instances,” Google wrote in a executive Summary of report.
Cryptocurrency mining is a for-profit activity that often requires a large amount of computing power, which Google Cloud customers can access at a cost. Google Cloud is a remote storage platform where customers can keep data and files off-site.
Google said that 86% of the 50 recently compromised Google Cloud accounts were used to mine cryptocurrency. Google said that in most of the breaches, cryptocurrency mining software was downloaded within 22 seconds of the account being compromised.
About 10% of the compromised accounts were also used to perform scans of other publicly available resources on the Internet to identify vulnerable systems, while 8% of the instances were used to attack other targets. had gone.
Bitcoin, the world’s most popular cryptocurrency, has been criticized for being too energy intensive. Bitcoin mining uses more energy than some countries as a whole. In May, police raided a suspected cannabis farm to discover that it was, in fact, an illegal bitcoin mine.
“The cloud threat landscape in the year 2021 was more complex than just rogue cryptocurrency miners,” wrote Bob Meckler, director of the Office of the Chief Information Security Officer at Google Cloud, and Seth Rosenblatt, security editor for Google Cloud. a blog post,
He said Google researchers also uncovered a phishing attack by the Russian group APT28/Fancy Bear in late September, adding that Google blocked the attack.
Google researchers have also identified a North Korean government-backed threat group that Presented as Samsung Recruiters For sending malicious attachments to employees at several South Korean anti-malware cybersecurity companies, he added.