A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub, Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials.
Researchers from Palo Alto Networks’ Unit 42 have dubbed the group Automated Libra and believe it’s based in South Africa. During the peak of the campaign, dubbed PurpleUrchin, in November, the group was registering between three and five GitHub accounts every minute using automated CAPTCHA-defeating processes, with the intention of abusing GitHub Actions workflows for mining.