wordpress blog stats
Connect with us

Hi, what are you looking for?

Malicious actors hacked Google Cloud platforms to mine cryptocurrencies: Report

Weak passwords and other poor customer practices allowed hackers to gain entry, majority of the time.

Compromised Google Cloud Platforms (GCP) were being used by malicious actors to perform cryptocurrency mining, according to a report by Google’s Cybersecurity Action Team.

The report said that of the 50 compromised GCP instances that its team observed, 86% of them were being used to perform cryptocurrency mining, which they described as a “cloud resource-intensive for profit activity”.

This report shows how malicious actors are driven by cryptocurrencies and related activities to indulge in illegal practices such as, in this case, hacking platforms. Money laundering concerns and scams have also been linked to the crypto market which is unregulated in most countries. A crypto bill is soon to be tabled in India’s Parliament.

How did the malicious actors gain access?

According to the report, “Malicious actors gained access to the Google Cloud instances by taking advantage of poor customer security practices or vulnerable third-party software in nearly 75% of all cases.”

Apart from crypto mining, hackers used stolen access to look up other vulnerable victims | Source: Google


Analysis of the reasons behind the compromise | Source: Google

The researchers said that the malicious actors routinely scan public IP addresses to keep a track of vulnerable Google cloud spaces. This enabled the actors to compromise vulnerable Google cloud platforms in a short amount of time.

In 40% of instances the time to compromise was under eight hours. This suggests that the public IP address space is routinely scanned for vulnerable Cloud instances. It will not be a matter of if a vulnerable Cloud instance is detected, but rather when — Google report

The malicious actors were also very fast in downloading the cryptocurrency mining software after compromising the cloud platforms, the report mentioned.

Advertisement. Scroll to continue reading.

Source: Google

A few other instances of Cloud platforms getting compromised —

  • Microsoft Azure: In August 2021, Wiz, a cloud security platform, highlighted a vulnerability in Microsoft Azure’s database. Wiz was able to gain “complete unrestricted access to accounts and databases of several thousand Microsoft Azure customers, including many Fortune 500 companies”, according to a Wiz.io blog.
  • Amazon Web Services: In February, Amazon Web Services admitted that hackers used its systems in the SolarWinds campaign but reiterated the cloud computing giant wasn’t itself infected with malware, according to a report by CRN.

North Korean malicious actors impersonate employment recruiters

Google’s threat analysis team also observed a Korean government-backed attacker group posing as Samsung recruiters and sending fake job opportunities to employees at multiple South Korean information security companies that sell anti-malware solutions.

The emails included a PDF allegedly claiming to be of a job description for a role at Samsung; however, the PDFs were malformed and did not open in a standard PDF reader. When targets replied that they could not open the job description, hackers responded with a malicious link to malware purporting to be a “Secure PDF Reader” stored in Google Drive which has now been blocked — Google report

These are the other discoveries made by Google in the report —

Threat actors deploy new tactics to generate YouTube traffic: The cybersecurity team observed a group of hackers abusing Google Cloud resources to generate traffic to YouTube for view count manipulation.

Attackers have continued to exploit Google Cloud projects where free credits were provided to engage in traffic pumping to YouTube, and there is a likelihood that attackers will continue to exploit Cloud instances for the same purpose — Google report

Black Matter ransomware extorting money from victims: The report described Black Matter as a “configurable, whole-system and network share encryption tool” that is capable of encrypting files on a victim’s hard drive in a relatively short period of time by distributing the workload across multiple threads. This ransomware is currently being used to extort money from victims by locking their files using encryption, the report said.

India is one of the most affected by a Russia-backed phishing attack

India, apart from the United States of America and the United Kingdom, was one among the most affected countries that were allegedly targeted by a Russian government-backed APt28/Fancy Bear Gmail phishing campaign, the report by Google’s Cybersecurity Action Team also said.

The report said that Google’s  Team observed a large-scale attack of a credential phishing campaign targeting more than 12,000 Gmail accounts by this threat actor. Fancy Bear earlier used to target Yahoo! and Microsoft users, the report said. Other countries that were targeted include Canada, Russia, Brazil, and members of the European Union.

Also read:

Advertisement. Scroll to continue reading.

Have something to add? Post your comment and gift someone a MediaNama subscription.

Written By

Among other subjects, I cover the increasing usage of emerging technologies, especially for surveillance in India

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



The Delhi High Court should quash the government's order to block Tanul Thakur's website in light of the Shreya Singhal verdict by the Supreme...


Releasing the policy is akin to putting the proverbial 'cart before the horse'.


The industry's growth is being weighed down by taxation and legal uncertainty.


Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ