The Google cybersecurity team has published a new report on security threats to users and the activities of cybercriminals who break into poorly protected Google Cloud accounts and use them to mine cryptocurrencies. In addition, the experts spoke about the massive attacks by Russian and North Korean hackers.
According to the report, 86% of recently hacked Google Cloud accounts have been used for cryptocurrency mining, which requires a lot of computing power, which Google Cloud customers can access for an additional fee. Attackers, on average, downloaded malicious software within 22 seconds after the hack, after which users lost access to their cloud accounts, and, in addition, money was debited from their accounts to pay for additional mining power.
Our telegram channel ” ISRObit – The World of Cryptocurrency “.
Google also reported on a major phishing campaign organized by “a group of Russian hackers with links to the government,” called APT28 / Fancy Bear. The target of the attack was Gmail mail accounts. More than 12 thousand users were sent letters allegedly from the administration of the postal service, in which it was reported that intruders had access to their account, therefore it is necessary to urgently follow the link and change the password, after which the cybercriminals received full access to the accounts of the frightened users.
In addition to Russian hackers, their North Korean counterparts also appeared on the radar. Attackers from North Korea posed as recruiters for recruitment agencies recruiting specialists for Samsung. Emails offering fake jobs were sent to employees of several South Korean information security companies. A PDF file was attached to the emails, allegedly containing a job description at Samsung, but the PDF files were corrupted and would not open. When “potential employees” wrote back that they could not open the file, they were sent an email with a link to the malware.