Authorities in Ukraine have apprehended a 29-year-old individual for illegally mining cryptocurrencies by compromising cloud accounts. The collaborative effort between Europol and an unnamed cloud service provider exposed a sophisticated cryptojacking scheme, resulting in the arrest on January 9 in Mykolaiv.
Arrest and Investigation Collaboration
Europol, in a press statement on January 12, disclosed that the arrest was a joint operation with a cloud service provider. The suspect is accused of mining over $2 million in cryptocurrencies through compromised accounts.
Automated Breach of 1,500 Accounts
Ukrainian cyber police, who took part in the operation, highlighted the individual's use of automated tools. The perpetrator brute-forced the passwords of 1,500 accounts belonging to an undisclosed e-commerce subsidiary. The suspect then used the compromised accounts to obtain administrative privileges and created over one million virtual machines for large-scale crypto mining. TON cryptocurrency wallets were allegedly used to move the illegal proceeds.
Tip-off and Operation Details
The investigation was triggered by a tip-off from the cloud service provider, which approached Europol in January 2023 with information about compromised cloud user accounts. Three properties were searched during the operation, confirming the provider's tip-off.
Europol's European Cybercrime Centre (EC3) established a virtual command post on the action day, supporting the Ukrainian National Police with analysis and forensic assistance.
Legal Consequences
The apprehended suspect has reportedly engaged in illicit activities since 2021. Ukrainian authorities have initiated criminal proceedings under relevant sections of the Criminal Code, and the suspect is set to face prosecution.
Cryptojacking in Cloud Environments
Cryptojacking in a cloud environment involves unauthorized access to cloud computing infrastructure by malicious actors. They exploit its computational power for cryptocurrency mining, avoiding server and power costs and thereby maximizing profits. Holders of the compromised accounts face substantial cloud bills.