
Hackers Using Google Cloud to Mine Crypto and Why it Matters

Google has released a new report raising concerns over hacked cloud accounts being used to mine cryptocurrency.


As cryptocurrency gains more widespread acceptance and usage, hackers are using compromised cloud accounts to mine cryptocurrencies. Google has released a new report called “Threat Horizons” stating that malicious cryptocurrency miners are using hacked Google Cloud accounts for mining purposes.

Cryptomining refers to the process of earning cryptocurrencies by solving cryptographic equations with high-power computers. This also means attackers can earn cryptocurrencies directly, instead of having to make fiat currency deposits to an exchange or wallet that could come under the spotlight.

“While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. Most recently, our team has responded to cryptocurrency mining abuse, phishing campaigns, and ransomware,” wrote Google in an executive summary of the report.

“Malicious actors were observed performing cryptocurrency mining within compromised Cloud instances,” the report said. It added that of 50 recent examples, 86% of cases showed that hackers were mining cryptocurrencies with the accounts.

Google Cloud is one of the most popular cloud computing platforms, along with AWS and Microsoft Azure, and is technically capable of being used for crypto mining.

The report, published by the Google Cybersecurity Action Team, intends to “provide actionable intelligence that enables organizations to ensure their cloud environments are best protected,” Google said.

According to the report, the two common goals behind this activity involve “obtaining profit” and “traffic pumping.” Other cyber threats that were identified included malware, hosting unauthorized content on the internet, spam, and launching DDoS bots.

Google’s Threat Analysis Group sounded similar alarms last month when it warned of hackers breaking into YouTube accounts to spread cryptocurrency scams.

“The channel name, profile picture, and content were all replaced with cryptocurrency branding to impersonate large tech or cryptocurrency exchange firms,” Google said at the time.

The Group added that hackers would live stream videos that promised cryptocurrency giveaways in exchange for an initial contribution.

These malicious actors were also Russian speakers, according to Google researchers, who said, “The actors behind this campaign, which we attribute to a group of hackers recruited in a Russian-speaking forum, lure their target with fake collaboration opportunities.”

In this context, it should be noted that earlier this year, Russia’s world-famous skyscraper, Vostok, was found to house a plethora of cyber criminal activity in the heart of Moscow.

In May 2021, a massive bitcoin mining rig was caught operating illegally in the UK. Last July, a Ukrainian police unit exposed a massive underground crypto mining farm in the city of Vinnytsia. In October of 2021, yet another illegal crypto mining plant was discovered, this time in Alberta, Canada.

Because crypto mining is so expensive but so profitable, fraudsters choose to do it through illegal means. An analysis by the University of Cambridge showed that Bitcoin consumes more electricity than the entire country of Argentina.

Crypto mining Trojans will continue to ravage the Internet, according to security firm Kaspersky. Miners are a special type of malicious program designed to secretly use a computer’s resources to mine cryptocurrency. Hackers can siphon as much as 70-80% of a computer’s power and use it to mine cryptocurrency.

While cloud customers continue to face a variety of threats across applications and infrastructure, many successful attacks are due to poor hygiene and a lack of basic control implementation. In the recent case on Google Cloud, too, attackers exploited “poorly configured” accounts to mine cryptocurrency, said Google researchers.

According to them, organizations that put emphasis on secure implementation, monitoring and ongoing assurance will be more successful in mitigating these threats, or at the very least in reducing their overall impact.
