Cryptocurrency miners are using hacked Google Cloud accounts for compute-intensive mining purposes, Google has warned.
The search giant's cybersecurity team provided details of the security breach in a report released Wednesday. The call Report "Threat Horizons" aims to provide intelligence that enables organizations to keep their cloud environments secure.
"Malicious actors were observed mining cryptocurrencies within compromised cloud instances," Google wrote in a executive Summary Of the report.
Cryptocurrency mining is a for-profit activity that often requires large amounts of computing power, which can be accessed by Google Cloud customers at a cost. Google Cloud is a remote storage platform where customers can keep data and files off-site.
Google said that 86% of the 50 recently compromised Google Cloud accounts were used for cryptocurrency mining. For most breaches, the cryptocurrency mining software was downloaded within 22 seconds of the account breach, Google said.
About 10% of the compromised accounts were also used to scan other publicly available resources on the Internet to identify vulnerable systems, while 8% of the instances were used to attack other targets.
Bitcoin, the world's most popular cryptocurrency, has been criticized for consuming too much energy. Bitcoin mining uses more energy than some entire countries. In May, police raided an alleged cannabis farm to find out that it was indeed an illegal bitcoin mine.
"The cloud threat landscape in 2021 was more complex than rogue cryptocurrency miners, of course," wrote Bob Mechler, office director of Google Cloud's chief information security officer, and Seth Rosenblatt, security editor. from Google Cloud, in a blog post.
They said Google researchers also exposed a phishing attack by the Russian group APT28 / Fancy Bear in late September, adding that Google blocked the attack.
Google researchers also identified a group of threats backed by the North Korean government that posed as Samsung recruiters to send malicious attachments to employees of various South Korean antimalware cybersecurity companies, they added.
