Security intelligence group RedLock has exposed hackers who were using Amazon Web Services (AWS) computing resources to mine bitcoin.
The company's report found that at least two companies were targeted: Aviva and Gemalto, both multinational corporations.
RedLock was alerted to the situation after realizing that a number of administration consoles on AWS, Microsoft Azure, and Google Cloud platforms were not password protected. As a result, these consoles gave hackers easy access.
The report said:
Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers.
Kubernetes is an open-source platform designed to automate deploying, scaling, and operating application containers.
The report added:
The instance had effectively been turned into a parasitic bot that was performing nefarious activity over the Internet.
According to RedLock, access keys and secret tokens were stored in plaintext within the unprotected consoles. This gave the hackers easy access to critical infrastructure, where they had the opportunity to cause further damage if they wanted.
This comes at a time when there is growing concern that nation-state hackers are stealing bitcoin. Earlier this month it was confirmed by South Korean authorities that North Korea had targeted bitcoin exchanges in the country to steal the digital currency.
In September, cybersecurity firm FireEye initially reported that a state-sponsored North Korean campaign was taking place to steal bitcoin from South Korean exchanges. Authorities have said that the attacks were in the form of spear phishing attempts. Since July, 25 employees across four digital currency exchanges have been targeted.
A report last month also indicated that digital currency mining malware is on pace to infect two million computers in 2017.
Cybersecurity firm Kaspersky Lab and technical support site Bleeping Computer found that in the first nine months of the year, 1.65 million computers were infected by cryptocurrency mining malware.
Cyberattackers often run mining software in the background on networks of infected computers, known as botnets, with no indication that the computer owner is aware the machine is infected.