Attackers create 130K fake accounts to abuse limited-time cloud computing resources

January 5, 2023

Read Time:39 Second

A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub, Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials.

Researchers from Palo Alto Networks’ Unit 42 have dubbed the group Automated Libra and believe it’s based in South Africa. During the peak of the campaign, dubbed PurpleUrchin, in November, the group was registering between three and five GitHub accounts every minute using automated CAPTCHA defeating processes with the intention to abuse GitHub Actions workflows for mining.

To read this article in full, please click here

The AI Fix #30: ChatGPT reveals the devastating truth about Santa (Merry Christmas!)

US and Japan Blame North Korea for $308m Crypto Heist

Spyware Maker NSO Group Found Liable for Hacking WhatsApp

Spyware Maker NSO Group Liable for WhatsApp User Hacks

Major Biometric Data Farming Operation Uncovered

Ransomware Attack Exposes Data of 5.6 Million Ascension Patients

Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP

Criminal Complaint against LockBit Ransomware Writer

Cryptomining Malware Found in Popular Open Source Packages