Crypto miners hack cloud accounts, says Google

Google has warned that cryptocurrency miners are using hacked Google Cloud accounts to conduct computationally intensive mining.

In a report published Wednesday, Google's cybersecurity team detailed the security breach. With its 'Threat Horizons' report, the company aims to provide organizations with information that will enable them to protect their cloud environments.

Malicious actors have been mining cryptocurrency on compromised Cloud instances, Google wrote in the executive summary.

For-profit cryptocurrency mining requires high computing power, which Google Cloud customers can access for a fee. Customers can store their data and files on the Google Cloud, a remote storage platform.

Eighty-six percent of 50 recently compromised Google Cloud accounts were used to mine crypto assets, according to Google. The search giant said crypto mining software was downloaded within 22 seconds of the account being compromised in the majority of breaches.

Ten percent of the compromised accounts were also used to conduct scans of other publicly accessible Internet resources to identify vulnerable systems, and 8% were used to launch attacks against other targets.

Most people have criticized Bitcoin for being too energy-intensive, which is one of the reasons it is so popular. Some countries use more energy than Bitcoin mining consumes. The police discovered an illegal bitcoin mine when they raided a suspected cannabis farm in May.

Google Cloud's chief information security officer, Bob Mechler, and Seth Rosenblatt, Google Cloud's security editor, noted in a blog in 2021 that the cloud threat landscape was more complex than just rogue cryptocurrency miners.

APT28/Fancy Bear also launched a phishing attack on Google researchers at the end of September, they said, adding that Google blocked the attack.

A group of North Korean government-backed threat actors who sent malicious attachments to several anti-malware cybersecurity firms in South Korea was also identified by Google researchers, they added.