A 29-year-old Ukrainian citizen has been arrested for running a “sophisticated cryptocurrency hijacking scheme” that brought them more than $2 million (€1.8 million) in illicit profits.
After “months of close cooperation” and with support from Europol and an unnamed cloud service provider, the Ukrainian National Police arrested the man on January 9 in Mykolayev, Ukraine.
“A cloud provider approached Europol as early as January 2023 to provide information about the theft of its cloud user accounts,” Europol said, adding that it had shared the intelligence with Ukrainian authorities.
As part of the investigation, police searched three properties to identify evidence against the suspects.
Cryptojacking is a type of cybercrime that involves the unauthorized use of a person’s or organization’s computing resources to mine cryptocurrency.
In the cloud, such attacks typically involve compromising credentials obtained through other means to infiltrate the infrastructure and install miners that exploit the processing power of the compromised host to mine cryptocurrency without the compromised host’s knowledge or consent.
Microsoft noted in July 2023: “If the credentials do not have the permissions the threat actor requires, privilege escalation techniques will be used to gain additional permissions. In some cases, threat actors will hijack existing subscriptions to further obfuscate their operate.”
The core idea is to conduct cryptojacking attacks by exploiting free trials or compromising legitimate tenants, thus avoiding paying for the necessary infrastructure required to mine cryptocurrency.
In October 2023, Palo Alto Networks Unit 42 detailed a cryptojacking campaign in which threat actors were discovered to have stolen Amazon Web Services (AWS) credentials from a GitHub repository within five minutes of publicly disclosing information used to mine Monero .
