Security researchers estimate that the financial impact of cryptominers infecting cloud servers costs victims about $53 for every $1 worth of cryptocurrency threat actors mine on hijacked devices. This activity is generally attributed to certain financially motivated hacking groups, most notably TeamTNT, that perform large-scale attacks against vulnerable Docker Hubs, AWS, Redis, and Kubernetes deployments. The threat actors load modified OS images containing XMRig, a miner for Monero (XMR), which is a privacy-oriented hard-to-trace cryptocurrency, and currently the most profitable CPU-based mining. The mining programs use the hacked device’s CPUs, so the threat actor generates income by hijacking hardware. Compared to ransomware, rogue crypto mining is a lower-risk activity for the attacker, much less likely to attract law enforcement attention. Researchers at Sysdig approximated the financial damage of cryptominers by looking into one of TeamTNT’s largest campaigns, “Chimaera,” which compromised over 10,000 endpoints. The threat actors used XMRig-Proxy to hide wallet addresses from the compromised machines and make tracking even harder, but the analysts recovered a sample of 10 wallet IDs used in the campaign.
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.