Mastermind behind 1.8 million cryptojacking scheme arrested in Ukraine

The National Police of Ukraine, with the support of Europol, arrested the alleged mastermind behind a sophisticated cryptojacking scheme.

The National Police of Ukraine, with the support of Europol, arrested an individual in Mykolaiv, Ukraine, on 9 January. The man is suspected to be the mastermind behind a sophisticated cryptojacking scheme that generated over USD 2 million (EUR 1.8 million) worth of cryptocurrencies via mining activities.

The National Police of Ukraine searched three properties to gather evidence.

“The arrest comes after months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.” reads the press release published by the Europol. “The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.”

An unnamed cloud service provider supported the investigation for months.

In cryptojacking scheme, threat actors gain unauthorized access to a cloud environment and abuse its computational power to mine cryptocurrencies.

The compromised account holders face huge cloud bills due to the abuse of their clod resources.

The investigation started in January 2023 when a cloud provider approached Europol and shared information regarding compromised cloud user accounts.

“Europol’s European Cybercrime Centre (EC3) set up a virtual command post on the action day, supporting the Ukrainian National Police from Europol’s headquarters, with analysis and forensic support on the data gathered during the searches.” continues the press release.

Below are recommendations provided by Europol to prevent becoming victims of a cryptojacking scheme:

• Robust access controls: Implement strong authentication methods and access controls to prevent unauthorized access to cloud resources.
• Continuous monitoring: Continuously monitor cloud environments for any signs of suspicious activities, unauthorized access, or unusual resource consumption.
• Maintain security: Regularly update all cloud resources, including virtual machines and containers, with the latest security patches to address vulnerabilities.
• Leverage security services: Utilize cloud service provider-offered security services and tools to enhance overall security posture.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, cryptojacking scheme)