A skilled cryptojacker has been seized by the Cyber Police Regiment of Ukraine; the perpetrator is simply accused of infiltrating the accounts of more than 5,000 users, which are all of one of the world’s largest international hosting companies.
It estimates that the large operation, which engaged in illegal cryptocurrency mining by clandestinely redirecting server resources, caused $4.5 million in damages.
The suspect, who hails from Poltava, had reportedly been working since 2018 in a carefully planned manner to take advantage of the weaknesses in the infrastructure of a number of international companies.
The person accessed customer accounts that were used to host websites and platforms with open source intelligence (OSINT) methods. Within the infected servers, VMs were then created to mine cryptocurrency without being detected, effectively leeching computing power and profit for the attacker.
According to the investigation, the hacker constantly changes his place of residence, travelling from Poltava, Odesa, Zaporizhzhia, and Dnipropetrovsk (Poltava), hoping to confuse the trace. In the raids, authorities seized a cache of digital evidence: computers, cellphones and banking cards.
The forensic examination revealed the suspect’s presence on a number of cut forums and revealed him to have links to stolen email credentials, cryptocurrency wallets containing illicitly mined coins, and custom scripts and tools for data theft and remote access.
Cryptojacking, an emerging threat in cybersecurity, enables attackers to use victim’s machines for mining cryptocurrency without their knowledge or authorization. This parasitic operation can drain the financial resources of both them and their employers with higher electricity bills, reduced system performance, and possible degradation of hardware. For hosting companies, that means lots of huge a unauthorized loads on resources, and a big fat bill to pay for it all.
The person now have been charged under Ukrainian criminal law with a severe punishment in form of up to 15 years in prison and a 3-year long ban from the engage in high-risk activities. The investigation is continuing and more charges could be laid as fresh evidence comes to light, police said.
Following this major crackdown, Ukrainian law enforcement together with Europol is calling for users and businesses to check their online security settings and practises. Making sure employees use strong, unique passwords and MFA for all cloud accounts, reviewing account activity on a regular basis, and quickly stopping access for unfamiliar devices or apps can help to defend against potential threats.
This is a painful reminder of the omnipresent and increasingly aggressive nature of cybercrime and highlights that – despite the significant resources invested by both the public and private sector – the criminals have developed sophisticated techniques that can be hard to counter.
