Crypto mining hackers or is there something more they could be up to?

Not your usual bloguverse post coming up. I’ve been in the woods for some time and am finally getting time to put some data back out here. While I’ve always been focused on crypto mining, specifically with ASICs, I wanted to cover some other topics related to mining. There’s always the bad that accompanies the good, and I’ve been studying up on some of the lesser known, dark sides of mining.

Lately I’ve been researching hackers taking advantage of networks and cloud computing accounts, specifically accounts where a large number of instances can be launched to run crypto mining software. Having looked into legitimate use in the past, I’ve found it’s not financially feasible, especially with POW cryptos like Ethereum going to POS. GPUs were king not too long ago, but they’ve now been largely sidelined after their moment in the sun. Furthermore, CPU mining is just not efficient. There are some folks who do it, though, and to make it financially worthwhile, they’re hacking into your systems to do it. It’s called cryptojacking and it’s on the rise.

These hackers find weaknesses on any network, searching through routers and IoT devices, and jump from small to large cloud accounts they’ve hacked, not really caring how many instances they launch from each account; they’re in and out fairly quickly. They set up common mining software, such as XMRig, and mine to an anonymous address (often mining Monero). They’ve gotten so sophisticated that they even launch functions on cloud services instead of a plain OS instance.

This happens daily, but what really caught my eye was just last week, when an Iranian group hacked into the US Merit Systems Protection Board by exploiting Log4Shell (a critical zero-day vulnerability) and cryptojacked the network for what appears to be several months. And what else did they do?

The real question is whether this was just a group targeting the network for crypto mining, or whether that was just a red herring for what they were really after. Keeping OS and software patches current, keeping antivirus signatures up to date, using strong unique passwords, and running a good intrusion detection system are important for everyone.
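The post mentions XMRig mining to a pool address and recommends intrusion detection. As an added example (not the post’s own code, and not a complete signature set), here is a small host-side check that scans `ps`-style process listings for the common traces cryptojacking leaves behind: a known miner binary name, a stratum pool URL, typical miner command-line flags, and a binary run from a scratch directory. The process lines, pool hostnames and wallet string are constructed for the example; the indicator lists are assumptions chosen for illustration, and requiring two independent indicators before alerting keeps an ordinary script that happens to take a `--threads` flag from being flagged.

```python
import re
from typing import Dict, List

# Assumed indicator set for this example (not authoritative): common miner
# binary names, stratum pool URLs, and flags XMRig-style miners usually take.
MINER_BINARY_NAMES = ("xmrig", "minerd", "cpuminer", "nbminer")
STRATUM_URL_RE = re.compile(r"stratum\+(?:tcp|ssl)://[\w.\-]+:\d+", re.IGNORECASE)
MINER_FLAG_RE = re.compile(
    r"--(?:donate-level|algo|coin|rig-id|threads)\b|\s-o\s+stratum", re.IGNORECASE
)
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# Constructed sample in the shape of `ps -eo pid,user,args` output. Not real data;
# hostnames use the reserved .invalid TLD and the wallet string is a placeholder.
SAMPLE_PS_OUTPUT = """\
  412 root     /usr/sbin/sshd -D
 1337 www-data /tmp/.x/xmrig -o stratum+tcp://pool.example.invalid:3333 -u WALLET_PLACEHOLDER --donate-level 1 --threads 16
 2001 postgres /usr/lib/postgresql/14/bin/postgres -D /var/lib/postgresql/14/main
 2088 nobody   /var/tmp/kworkerds --algo rx/0 --coin monero -o stratum+ssl://pool2.example.invalid:443
 2100 alice    python3 /home/alice/report.py --threads 4
"""


def parse_ps(ps_text: str) -> List[Dict[str, str]]:
    """Split each 'pid user args' line into a dict; skip blank or short lines."""
    procs = []
    for line in ps_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue
        pid, user, args = parts
        procs.append({"pid": pid, "user": user, "cmdline": args})
    return procs


def score_cmdline(cmdline: str) -> List[str]:
    """Return the list of independent indicators matched by one command line."""
    hits: List[str] = []
    argv = cmdline.split()
    argv0 = argv[0] if argv else ""
    base = argv0.rsplit("/", 1)[-1].lower()

    if any(name in base for name in MINER_BINARY_NAMES):
        hits.append(f"binary:{base}")
    m = STRATUM_URL_RE.search(cmdline)
    if m:
        hits.append(f"stratum:{m.group(0)}")
    if MINER_FLAG_RE.search(cmdline):
        hits.append("miner-flags")
    # Miners dropped by a compromise are frequently executed from world-writable
    # scratch locations rather than from a package-managed path.
    if argv0.startswith(SCRATCH_DIRS):
        hits.append(f"scratch-path:{argv0}")
    return hits


def find_suspected_miners(ps_text: str, min_indicators: int = 2) -> List[Dict[str, object]]:
    """Flag processes with at least `min_indicators` independent miner indicators.

    A single weak hit (e.g. a '--threads' flag on a legitimate program) is not
    enough on its own; two or more unrelated signals are required to alert.
    """
    findings = []
    for proc in parse_ps(ps_text):
        hits = score_cmdline(proc["cmdline"])
        if len(hits) >= min_indicators:
            findings.append({**proc, "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in find_suspected_miners(SAMPLE_PS_OUTPUT):
        print(f"pid={f['pid']} user={f['user']} indicators={f['indicators']}")
        print(f"    {f['cmdline']}")
```

On a real host you would feed this the output of `ps -eo pid,user,args` (or the equivalent from your EDR’s process inventory) and pair it with the network side of the same picture: outbound connections to pool ports that the business has no reason to use. Renamed binaries such as the `kworkerds` line above are caught by the pool URL and flags even though the name check misses them.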

The other, generally less considered, danger here is that the hackers installed XMRig on the compromised network computers. Depending on the mining configuration they set, this can easily overheat and possibly permanently damage the GPUs and CPUs on the compromised computers. Additionally, it’s not uncommon in the mining world for GPUs to exhibit thermal runaway, catching fire and causing a much larger disaster.

Patch, patch, patch your systems!
