Tag: Cryptojacking

Exposed Docker APIs Under Attack in ‘Commando Cat’ Cryptojacking Campaign
News

A sophisticated cryptojacking campaign known as Commando Cat is targeting Docker API endpoints exposed to the internet. In a report released today, Cado Security researchers Nate Bill and Matt Muir stated, "The campaign deploys a benign container generated using the Commando project." "The attacker escapes this container and runs multiple payloads on the Docker host." The campaign is thought to have been underway since the beginning of 2024, and it is the second of its kind to be found in as many months. The cloud security company also revealed details on another activity cluster in mid-January that targets susceptible Docker systems ...

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
News

A new ongoing campaign known as EleKtra-Leak is targeting Amazon Web Services (AWS) identity and access management (IAM) credentials exposed in public GitHub repositories in order to facilitate cryptojacking. Researchers William Gamazo and Nathaniel Quist of Palo Alto Networks Unit 42 said in a technical report shared with The Hacker News that "as a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations." Active since December 2020 at the latest, the operation aims to mine Monero from up to 474 distinct Amazon EC2 instances between ...

New AMBERSQUID Cryptojacking Operation Targets Uncommon AWS Services
News

A novel cloud-native cryptojacking operation is targeting uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to covertly mine cryptocurrency. The cloud and container security company Sysdig has given the malicious activity the codename AMBERSQUID. "The AMBERSQUID operation was able to exploit cloud services without triggering the AWS requirement for approval of more resources, as would be the case if they only spammed EC2 instances," Sysdig security researcher Alessandro Brucato said in a report shared with The Hacker News. Targeting numerous services also presents additional difficulties, such as incident response, as it necessitates locating and eliminating all miners in each service that has been ex...

New LABRAT Campaign Exploits GitLab Flaw for Cryptojacking and Proxyjacking Activities
News

A recently fixed serious vulnerability in GitLab has been weaponized as part of a cryptojacking and proxyjacking campaign by a new, profit-driven operation known as LABRAT. According to a report from Sysdig shared with The Hacker News, "the attacker used undetected signature-based tools, sophisticated and stealthy cross-platform malware, command-and-control (C2) tools that bypassed firewalls, and kernel-based rootkits to hide their presence." Additionally, the attacker abused TryCloudflare, a legitimate service, to conceal their C2 network. Proxyjacking lets the attacker rent out the hijacked server to a proxy network and make money off its unused bandwidth. Cryptojacking, on the other hand, describes the misuse of system resources to mine bitcoin ...

SCARLETEEL Cryptojacking Campaign Exploiting AWS Fargate in Ongoing Campaign
News

An ongoing sophisticated attack campaign known as SCARLETEEL continues to target cloud environments, with the threat actors currently focusing on Amazon Web Services (AWS) Fargate. According to a new report from Sysdig security researcher Alessandro Brucato, "Cloud environments are still their primary target, but the tools and techniques used have adapted to bypass new security measures, along with a more resilient and stealthy command and control architecture." The cybersecurity firm originally revealed SCARLETEEL in February 2023, describing a complex attack chain that resulted in the theft of confidential information from AWS infrastructure ...