Crypto miner hacks cloud account.

Crypto miner hacks cloud account.

Google has warned that cryptocurrency miners are using compromised Google Cloud accounts for resource-intensive mining. The search giant's cybersecurity group provided details about the hack in a report released on Wednesday. 

The so-called Threat Horizon report aims to provide information that enables organizations to secure their cloud environments. “Attackers have witnessed mining cryptocurrencies on compromised instances in the cloud,” the Google report states in its summary. 


Cryptocurrency mining is a commercial activity that often requires a lot of computing power, and can be accessed by Google Cloud customers at an additional cost. Google Cloud is a remote storage platform that allows customers to store data and files outside of the office. 

 Google said that 86% of the 50  Google Cloud accounts that were recently hacked were used for cryptocurrency mining. 

According to Google, in most cases, cryptocurrency mining software was downloaded within 22 seconds of an account being hacked. About 10% of compromised accounts were  used to scan other public resources on the internet to identify vulnerable systems, and 8% of instances were used to attack other targets. 

Bitcoin is the  most popular cryptocurrency in the world and has been criticized for being too energy-intensive. Bitcoin mining uses more energy than some  countries. In May, police raided a  cannabis farm and discovered illegal bitcoin mining. “The cloud threat landscape in 2021 was definitely more complex than the fraudulent cryptocurrency miners,” said Bob Mehler, Director of Google Cloud Chief Security Officer Office and Seth Rosenblatt, Security Editor at Google Cloud. blog post. 


They added that Google researchers also discovered a phishing attack by the Russian group APT28/Fancy Bear in late September and that Google blocked the attack. Google researchers also added that they identified a North Korean government-backed threat group impersonating Samsung recruiters and sending malicious attachments to employees of several South Korean  cybersecurity companies about malware.