Google Cloud mostly targeted by crypto miners


Bitcoin mining has been in the spotlight many times in the past, and not always for the best reasons. It is widely known that mining cryptocurrencies is an expensive and resource-intensive task. Even billionaires like Elon Musk have criticized mining for its environmental effects. Countries like China even went as far as banning crypto mining altogether. Despite all this bad publicity, mining can be environmentally friendly when using green energy sources. On the downside, mining using green energy is not cheap and thus not very common.

Breaching to Mine

Most people who mine do so for the profits, so minimizing expenses is one of the main tasks every miner faces. Some miners found new ways to mine with no expenses. No expense for them, that is, as they used compromised Google Cloud accounts to accelerate their mining efforts.

Google's cyber-security team published a report titled "Threat Horizons". According to Google, the goal of the report is "to provide actionable intelligence that enables organizations to ensure their cloud environments are best protected against ever-evolving threats". The publication documents the recent breach of Google's platform security. It revealed that over 85% of breaches on Google Cloud are carried out to perform crypto mining.

The report also noted that most of the attackers took advantage of poor customer security. Some even leveraged vulnerabilities in third-party software in the user's cloud. It was also noted that, on average, mining software was downloaded within 22 seconds of an account being breached. According to the tech giant, most of the incidents were machine-led, meaning that they did not feature any human interaction. This was concluded because of the 22 seconds it took to install the exploit.

Other Threats

In the same report, Google also described other threats faced by its systems. According to Google, the Russian government-backed APT28 group targeted many Gmail users. Reportedly, 12,000 accounts were targeted in a mass phishing campaign. The group sent fake emails to users that looked like they came from Google. This was done to trick users into submitting their log-in information to the hacking group.

Another red flag raised by the report involved a North Korea-backed hacker group. The threat actors sent fake job opportunities that looked like they came from Samsung. They specifically targeted South Koreans. If victims clicked on the job offer, they were directed to malware stored in Google Drive. Google said that the link and malware have now been blocked.


Google made a few recommendations for its cloud customers in order to improve their security. The main recommendation was to enable two-factor authentication. Signing up for the company's 'work safer' security program was also recommended.




Jan. 10, 2022