Gold mine: how AMBERSQUID turned AWS into a cryptojacking mine


A smarter approach to illicit mining is the latest trend in cybercrime.

Recently, researchers discovered a new cryptojacking operation targeting Amazon Web Services (AWS) resources such as Amplify, Fargate, and SageMaker. The campaign was codenamed AMBERSQUID and identified by Sysdig, a company specializing in cloud and container security.

According to Alessandro Brucato, a security researcher at Sysdig, the AMBERSQUID operation was able to exploit these cloud services without triggering the AWS approval process that is normally required before additional resources (such as higher service quotas) are granted.

"Targeted attacks on several services at once create additional problems for incident response, since it takes time to find and destroy all the miners in each exploited service," Brucato said.

The campaign was discovered while analyzing 1.7 million Linux container images on Docker Hub. With moderate confidence, the researchers attribute it to attackers from Indonesia, based on the use of the Indonesian language in scripts and usernames.

The attackers built container images designed to run cryptocurrency miners downloaded from attacker-controlled GitHub repositories. A distinctive feature is the abuse of AWS CodeCommit to create private Git repositories, which are then used as the source for deployments in the other services (Amplify apps, Fargate tasks, and SageMaker instances).
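The pattern described above and the incident-response problem Brucato raises (miners scattered across several services and regions) suggest what a detection should look for in CloudTrail: one identity creating a CodeCommit repository and then, within a short window, launching compute in several unrelated services, often in several regions. The script below is an added example, not code from Sysdig's report or from the AMBERSQUID operators. The `eventSource`/`eventName` values are real CloudTrail API names; the sample events, account ID, and ARNs are constructed, and the six-hour window and two-service threshold are assumptions a team would tune to its own environment.

```python
"""Detection heuristic for AMBERSQUID-style multi-service abuse in CloudTrail.

Added example (not Sysdig's detection). Flags an IAM identity that, within
one window, creates compute in several different services, optionally
seeded by a CodeCommit CreateRepository call, and lists every
(region, service) pair a responder must sweep afterwards.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Real CloudTrail eventSource/eventName pairs that start runnable compute.
# Fargate tasks show up as ecs RunTask (launchType FARGATE in requestParameters).
COMPUTE_EVENTS = {
    ("amplify.amazonaws.com", "CreateApp"),
    ("amplify.amazonaws.com", "StartJob"),
    ("ecs.amazonaws.com", "RunTask"),
    ("ecs.amazonaws.com", "CreateService"),
    ("sagemaker.amazonaws.com", "CreateNotebookInstance"),
    ("sagemaker.amazonaws.com", "CreateTrainingJob"),
    ("ec2.amazonaws.com", "RunInstances"),
}
# The private repo that feeds those deployments.
SOURCE_EVENTS = {("codecommit.amazonaws.com", "CreateRepository")}


def _ts(ev):
    # CloudTrail eventTime format, e.g. 2023-09-01T10:00:00Z
    return datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")


def _svc(ev):
    # "sagemaker.amazonaws.com" -> "sagemaker"
    return ev["eventSource"].split(".")[0]


def find_multi_service_abuse(events, window=timedelta(hours=6), min_services=2):
    """Return {identity_arn: finding} for identities that spin up compute in
    >= min_services distinct services inside any `window`-long span."""
    by_identity = defaultdict(list)
    for ev in events:
        key = (ev["eventSource"], ev["eventName"])
        if key in COMPUTE_EVENTS or key in SOURCE_EVENTS:
            by_identity[ev["userIdentity"]["arn"]].append(ev)

    findings = {}
    for arn, evs in by_identity.items():
        evs.sort(key=_ts)
        best = None
        for i, anchor in enumerate(evs):          # sliding window anchored on each event
            deadline = _ts(anchor) + window
            cluster = [e for e in evs[i:] if _ts(e) <= deadline]
            services = {_svc(e) for e in cluster
                        if (e["eventSource"], e["eventName"]) in COMPUTE_EVENTS}
            if len(services) >= min_services and (best is None or len(services) > len(best["services"])):
                best = {
                    "services": sorted(services),
                    "regions": sorted({e["awsRegion"] for e in cluster}),
                    "codecommit_seeded": any((e["eventSource"], e["eventName"]) in SOURCE_EVENTS
                                             for e in cluster),
                    "events": cluster,
                }
        if best:
            findings[arn] = best
    return findings


def response_targets(finding):
    """Every (region, service) pair in which a miner may be running; each one
    has to be checked and cleaned separately, which is the IR cost Sysdig describes."""
    return sorted({(e["awsRegion"], _svc(e)) for e in finding["events"]
                   if (e["eventSource"], e["eventName"]) in COMPUTE_EVENTS})


def _ev(time, source, name, region, arn):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "awsRegion": region, "userIdentity": {"arn": arn}}


# Constructed sample trail: one compromised identity fanning out across
# four regions and three services, and one developer doing normal work.
ATTACKER = "arn:aws:iam::111122223333:user/compromised-user"   # constructed
DEVELOPER = "arn:aws:iam::111122223333:user/app-developer"     # constructed
SAMPLE_EVENTS = [
    _ev("2023-09-01T10:00:00Z", "codecommit.amazonaws.com", "CreateRepository", "us-east-1", ATTACKER),
    _ev("2023-09-01T10:10:00Z", "amplify.amazonaws.com", "CreateApp", "us-east-1", ATTACKER),
    _ev("2023-09-01T10:12:00Z", "amplify.amazonaws.com", "CreateApp", "eu-west-1", ATTACKER),
    _ev("2023-09-01T10:20:00Z", "ecs.amazonaws.com", "RunTask", "ap-southeast-1", ATTACKER),
    _ev("2023-09-01T10:30:00Z", "sagemaker.amazonaws.com", "CreateNotebookInstance", "us-west-2", ATTACKER),
    _ev("2023-09-01T09:00:00Z", "codecommit.amazonaws.com", "CreateRepository", "us-east-1", DEVELOPER),
    _ev("2023-09-01T09:05:00Z", "amplify.amazonaws.com", "CreateApp", "us-east-1", DEVELOPER),
    _ev("2023-09-02T09:05:00Z", "sagemaker.amazonaws.com", "CreateNotebookInstance", "us-east-1", DEVELOPER),
]

if __name__ == "__main__":
    for arn, finding in find_multi_service_abuse(SAMPLE_EVENTS).items():
        print(arn, finding["services"], finding["regions"], "seeded:", finding["codecommit_seeded"])
        for region, service in response_targets(finding):
            print("  sweep", region, service)
```

On the sample data only the compromised identity is flagged (three compute services in four regions inside the window, seeded by a CodeCommit repo); the developer's single Amplify app and next-day SageMaker notebook stay below the threshold. In practice the same logic runs over CloudTrail records exported to S3 or a query against Athena or a SIEM, and the `response_targets` list is the starting point for the per-region, per-service cleanup that makes these incidents slow to close.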

Sysdig estimates that AMBERSQUID could cost its victims more than $10,000 a day if the campaign were scaled to run in every AWS region. Analysis of the attackers' crypto wallets showed that they have already earned more than $18,300.

This is not the first time that Indonesian attackers have been linked to cryptojacking campaigns. In May 2023, Permiso researchers examined in detail the activity of a group tracked as GUI-vil, which used the AWS Elastic Compute Cloud (EC2) service to mine cryptocurrency.

Michael Clark, director of threat research at Sysdig, said that these are likely different groups of attackers. However, he stressed that such incidents show there is a thriving cryptojacking community in Indonesia.

Concluding their report, the researchers stressed the importance of not neglecting security for any cloud service or tool in use. Services such as AWS Amplify, AWS Fargate, and Amazon SageMaker can be abused for mining just as EC2 can, only less visibly, so billing alerts and CloudTrail monitoring should cover every service and region in an account, not just the well-known compute services.