Threat actors hijack Bitbucket and Docker Hub for Monero mining

According to the researchers, the same developer services were already abused for Monero mining last year, but now “the campaign has re-emerged in vain”.

In September 2020, Aqua Security’s Nautilus team discovered a campaign that abused the automated build (auto-build) features of GitHub and Docker Hub for cryptocurrency mining. Aqua notified both services at the time and the attack was blocked.


According to Aqua’s latest report, the same campaign has resurfaced, and this time it is far more intense. Using its Dynamic Threat Analysis (DTA) tooling, Aqua identified around 92 malicious Bitbucket repositories and 92 malicious Docker Hub registries set up by the attackers in just four days. The sole purpose of these resources is cryptocurrency mining.

A continuous integration process

According to Assaf Morag, lead data analyst at Aqua Security, the threat actors have built what amounts to a continuous integration (CI) pipeline of their own: several auto-builds are triggered every hour, and every build runs a Monero cryptominer on the hosting service’s infrastructure.

Uncomplicated kill chain

The kill chain in this crypto mining campaign is simple. First, the attackers register several fake email accounts with a Russian provider and use them to set up a Bitbucket account holding numerous repositories, padded with official documentation so that they appear legitimate.

A similar method is used on Docker Hub, where the threat actors create accounts with a number of image tags associated with them. They then trigger image builds in the Bitbucket and Docker Hub auto-build environments and hijack that build compute to mine Monero.

How do I stay safe?

The campaign shows that cloud-native build environments remain a favourite target for cyber criminals.

“Bad actors are constantly developing their techniques to hijack and exploit cloud computing resources for cryptocurrency mining,” Morag explained in a blog post.

Aqua Security recommends that these environments enforce tight access controls, least-privilege permissions and strong authentication.

“Also the continuous monitoring and restriction of outgoing network connections in order to prevent both data theft and the misuse of resources,” the researchers added.
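As an added illustration of the two controls recommended above (egress restriction and continuous monitoring of build activity), the following Python script is example code written for this article; it is not Aqua Security’s tooling and not taken from the report. It assumes a constructed log format for connections leaving an auto-build runner (timestamp, repository, build id, process, destination), a small allowlist of destinations a legitimate build needs, and a set of ports that stratum mining pools commonly listen on. Hostnames, IP addresses and repository names in the sample are invented; the process name `xmrig` is a real Monero miner but its presence here is part of the constructed sample.

```python
"""Egress allowlist and build-cadence checks over constructed CI network logs.

Added example, not code from Aqua Security or the article. The log line
format below is an assumption made for this example; real runners and
egress proxies log differently, so adapt parse() first.
"""
import ipaddress
from collections import defaultdict
from datetime import datetime

# Assumption: the only destinations an honest build on this runner needs.
EGRESS_ALLOWLIST = {
    ("registry-1.docker.io", 443),
    ("pypi.org", 443),
    ("files.pythonhosted.org", 443),
    ("github.com", 443),
}

# Ports stratum mining pools commonly listen on (XMRig's documented defaults).
# Treating any connection to them as hostile is an assumption for this runner.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}

# Constructed sample log: "<ISO timestamp> <repo> <build> <process> <host>:<port>"
SAMPLE_LOG = """\
2021-02-03T10:02:11Z app/web build-101 pip pypi.org:443
2021-02-03T10:02:12Z app/web build-101 pip files.pythonhosted.org:443
2021-02-03T10:05:40Z x9k/repo-7 build-202 curl 198.51.100.23:3333
2021-02-03T10:05:41Z x9k/repo-7 build-202 xmrig pool.example.net:4444
2021-02-03T10:20:03Z x9k/repo-7 build-203 xmrig pool.example.net:4444
2021-02-03T10:35:09Z x9k/repo-7 build-204 xmrig pool.example.net:4444
2021-02-03T10:50:17Z x9k/repo-7 build-205 xmrig pool.example.net:4444
2021-02-03T11:01:55Z app/web build-102 git github.com:443
2021-02-03T11:03:00Z app/web build-102 sh 203.0.113.9:443
"""


def parse(log_text):
    """Turn the constructed log lines into dicts with typed fields."""
    records = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, repo, build, proc, dst = line.split()
        host, port = dst.rsplit(":", 1)
        records.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "repo": repo, "build": build, "proc": proc,
            "host": host, "port": int(port),
        })
    return records


def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def egress_verdict(host, port):
    """Default-deny classification of one outbound connection, with a reason."""
    if (host, port) in EGRESS_ALLOWLIST:
        return "allow"
    if port in STRATUM_PORTS:
        return "deny:stratum-port"
    if is_ip(host):
        return "deny:raw-ip"          # builds pulling from raw IPs deserve a look
    return "deny:not-allowlisted"


def egress_findings(log_text):
    """Return {build: [(process, "host:port", verdict), ...]} for denied connections."""
    findings = defaultdict(list)
    for r in parse(log_text):
        verdict = egress_verdict(r["host"], r["port"])
        if verdict != "allow":
            findings[r["build"]].append((r["proc"], f"{r['host']}:{r['port']}", verdict))
    return dict(findings)


def hot_repos(log_text, max_builds_per_hour=2):
    """Repositories whose distinct builds in any clock hour exceed the threshold.

    This is the cadence signal from the article: a repo that fires several
    auto-builds every hour, each running the same process, is worth a look.
    """
    per_hour = defaultdict(set)
    for r in parse(log_text):
        hour = r["ts"].replace(minute=0, second=0, microsecond=0)
        per_hour[(r["repo"], hour)].add(r["build"])
    return sorted({repo for (repo, _), builds in per_hour.items()
                   if len(builds) > max_builds_per_hour})


if __name__ == "__main__":
    for build, items in egress_findings(SAMPLE_LOG).items():
        for proc, dst, verdict in items:
            print(f"{build}: {proc} -> {dst} [{verdict}]")
    print("high-cadence repos:", hot_repos(SAMPLE_LOG))
```

Running it flags every connection from the `x9k/repo-7` builds (stratum ports) plus the raw-IP connection from `build-102`, and reports `x9k/repo-7` as the only repository exceeding two builds in an hour. The point of the default-deny verdict is that an allowlist keyed on (host, port) makes a miner's pool connection fail closed even when the pool is on a port you never thought to block; the cadence check is the cheap monitoring complement, since mining builds have to keep re-triggering to keep earning.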
