A group of attackers is running a cryptomining operation that leverages the free or trial-based cloud computing resources and platforms offered by several service providers including GitHub, Heroku, and Togglebox. The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials.
Researchers from Palo Alto Networks’ Unit 42 have dubbed the group Automated Libra and believe it’s based in South Africa. During the peak of the campaign, dubbed PurpleUrchin, in November, the group was registering between three and five GitHub accounts every minute using automated CAPTCHA-defeating processes, with the intention of abusing GitHub Actions workflows for mining.