EleKtra-Leak Cryptojacking Attacks Discovered By Palo Alto Networks
Palo Alto Networks Unit 42 researchers today published details on an active campaign called EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations:
Unit 42 researchers have identified an active campaign we are calling EleKtra-Leak, which performs automated targeting of exposed identity and access management (IAM) credentials within public GitHub repositories. As a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations. We believe these operations have been active for at least two years and are still active today.
We found that the actor was able to detect and use the exposed IAM credentials within five minutes of their initial exposure on GitHub. This finding specifically highlights how threat actors can leverage cloud automation techniques to achieve their goals of expanding their cryptojacking operations.
Jeff Williams, co-founder and CTO of Contrast Security, commented:
“Disappointing that we are struggling with the very simplest of cybersecurity issues. It’s not complicated, you just don’t post your keys in public. However, it’s also not fair to blame developers. There are thousands of these kinds of issues, and they have to perform perfectly on all of them or get dragged for being dumb or lazy. We need better authentication systems that make it easier for developers to make good choices. They should never be tempted to put their keys in AWS because doing things the right way is too difficult. Let’s make the secure path the easiest one as well.”
This Unit 42 report is very much worth reading, as it provides a ton of insightful and actionable information. Thus, you should put reading this report on your to-do list.
This entry was posted on October 30, 2023 at 3:46 pm and is filed under Commentary with tags Palo Alto.