A recent operation led to the arrest of a 29-year-old man in Ukraine, accused of orchestrating a vast cryptojacking scheme. This scheme involved the creation of one million virtual servers, crafted using compromised accounts, to mine cryptocurrency illegally.
Europol revealed that this individual masterminded the exploitation of cloud computing resources for mining cryptocurrency, a method known as cryptojacking. This illicit practice allows hackers to generate profit by using the computing power of hijacked servers, significantly hampering the performance of these compromised systems and incurring additional power costs for the affected organizations.
A study by Sysdig in 2022 highlighted the financial impact of such schemes, estimating that for every dollar’s worth of Monero mined, the damages amounted to approximately $53.
The initial tip-off about this operation came in January 2023 from a cloud service provider noticing anomalies in their systems. This led to a collaborative investigation involving Europol, Ukrainian police, and the cloud service provider, culminating in the apprehension of the hacker on January 9th. Authorities confiscated various items during the arrest, including computer equipment and electronic media, pointing to the suspect’s illicit activities.
Further investigations revealed that the accused had been active since 2021, employing brute-force methods to breach 1,500 accounts associated with a major e-commerce entity’s subsidiary. With administrative access obtained through these accounts, the suspect set up over a million virtual machines for crypto mining. Ukrainian officials reported that the illegal proceeds, estimated at around $2 million, were channeled through TON cryptocurrency wallets.
The suspect is currently facing charges under the Ukrainian Criminal Code for unauthorized interference in electronic communication networks.
In response to the growing threat of cryptojacking, experts advise several preventative measures. These include vigilant monitoring for irregular spikes in resource usage, implementation of advanced endpoint protection, and strict control over administrative privileges. Regularly updating software with security patches and enabling two-factor authentication for administrative accounts are also essential steps in safeguarding against these cyber threats.
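The two signals that surfaced in this case, a burst of failed logins against one account followed by an unusual volume of virtual-machine creation by that account, are both straightforward to flag from cloud audit logs. The following is an added illustration, not code from the article or from any party named in it; the event schema, account names and thresholds are constructed assumptions.

```python
"""Added example: flag brute-force login bursts and VM-creation spikes per
account in a sliding time window over constructed cloud audit events.
Field layout (time, account, action, outcome) and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

FAIL_THRESHOLD = 20          # failed logins within WINDOW -> brute-force alert
VM_THRESHOLD = 50            # VM creations within WINDOW -> resource-spike alert
WINDOW = timedelta(hours=1)


def make_events():
    """Constructed sample: 'svc-deploy' suffers 30 failed logins in 10 minutes,
    then one success, then 60 VM creations in 30 minutes; 'alice' is normal."""
    base = datetime(2023, 1, 5, 10, 0, 0)
    ev = [(base + timedelta(seconds=20 * i), "svc-deploy", "login", "fail")
          for i in range(30)]
    ev.append((base + timedelta(minutes=11), "svc-deploy", "login", "success"))
    ev += [(base + timedelta(minutes=12, seconds=30 * i), "svc-deploy", "create_vm", "success")
           for i in range(60)]
    ev += [(base + timedelta(hours=i), "alice", "create_vm", "success") for i in range(3)]
    return ev


def burst_within(times, window, threshold):
    """True if at least `threshold` timestamps fall inside any span of `window`."""
    times = sorted(times)
    start = 0
    for end, t in enumerate(times):
        while t - times[start] > window:   # slide the window's left edge forward
            start += 1
        if end - start + 1 >= threshold:
            return True
    return False


def detect(events, fail_threshold=FAIL_THRESHOLD, vm_threshold=VM_THRESHOLD, window=WINDOW):
    """Return sorted (account, alert_type) pairs for accounts exceeding a threshold."""
    fails, creates = defaultdict(list), defaultdict(list)
    for t, acct, action, outcome in events:
        if action == "login" and outcome == "fail":
            fails[acct].append(t)
        elif action == "create_vm" and outcome == "success":
            creates[acct].append(t)
    alerts = [(a, "login_bruteforce") for a, ts in fails.items()
              if burst_within(ts, window, fail_threshold)]
    alerts += [(a, "vm_creation_spike") for a, ts in creates.items()
               if burst_within(ts, window, vm_threshold)]
    return sorted(alerts)


if __name__ == "__main__":
    print(detect(make_events()))
```

Correlating the two alert types on the same account, as here, gives a stronger signal than either spike alone; real deployments would also compare VM counts against the account's historical baseline rather than a fixed threshold.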