Ukrainian Police Arrest Cryptojacking Hacker

Published: 16 January 2024

Ukraine HackerUkrainian police seized electronic devices, SIM and bank card from the suspected hacker. (Photo: Національна поліція України, License)

By Zdravko Ljubas

The Ukrainian National Police said on Friday that they had arrested a hacker in the southern city of Mykolaiv in connection with a sophisticated scheme to hijack cloud computers to mine cryptocurrencies, a ploy known as “cryptojacking.”

Over the last two years, the 29-year-old suspect allegedly managed to mine nearly US$2 million in cryptocurrencies. The authorities did not release either the suspect’s name or the name of the U.S. company whose server was allegedly misused.

The suspect is accused of infecting that server with malware, known as a “miner virus” — malicious software that steals a computer’s resources to generate cryptocurrency, allowing the hacker to steal money and transfer it to controlled electronic wallets.

According to the police, the suspect hacked 1,500 accounts belonging to the unnamed company’s clients, using a technique known as brute force—self-developed software for automatic password selection.

He then used the compromised accounts to gain access to the cloud computing provider, secretly infecting the company’s server with the malicious software.

The suspect used its computational power to mine cryptocurrencies, allowing him to avoid paying for server time and power.

The stolen computer time typically cost more than the profits mined, so that compromised account holders were left with substantial cloud bills.

During the search of the suspect’s home, the police seized “computer equipment, bank and SIM cards, electronic media, and other evidence of illegal activity.”

The investigation into the case continues, with authorities targeting potential accomplices of the suspect and examining his possible connections with a pro-Russian hacker group, according to Ukrainian police.

Europol, the European Union Agency for Law Enforcement Cooperation, which supported the operation, said that the arrest followed “months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.”

Europol also warned cloud users to “implement robust security practices” to protect themselves against cloud cryptojacking.

Improved security measures should include stronger authentication methods, regular monitoring of cloud environments for suspicious activities, unauthorized access, and unexpected resource utilization.

Additionally, Europol recommends regular security updates and patches, as well as the use of cloud security services and tools provided by cloud service providers to enhance security.