A threat actor, presumably from Tunisia, has been linked to a new campaign targeting exposed Jupyter Notebooks in a two-fold attempt to illicitly mine cryptocurrency and breach cloud environments.
Dubbed Qubitstrike by Cado, the intrusion set utilizes the Telegram API to exfiltrate cloud service provider credentials following a successful compromise.
"The payloads for the Qubitstrike campaign are
A novel cloud-native cryptojacking operation has set its eyes on uncommon Amazon Web Services (AWS) offerings such as AWS Amplify, AWS Fargate, and Amazon SageMaker to illicitly mine cryptocurrency.
The malicious cyber activity has been codenamed AMBERSQUID by cloud and container security firm Sysdig.
"The AMBERSQUID operation was able to exploit cloud services without triggering the AWS
Suspected Russian threat actors have been targeting Eastern European users in the crypto industry with fake job opportunities as bait to install information-stealing malware on compromised hosts.
The attackers "use several highly obfuscated and under-development custom loaders in order to infect those involved in the cryptocurrency industry with Enigma stealer," Trend Micro researchers Aliakbar
A Turkish-speaking entity called Nitrokod has been attributed to an active cryptocurrency mining campaign that involves impersonating a desktop application for Google Translate to infect over 111,000 victims in 11 countries since 2019.
"The malicious tools can be used by anyone," Maya Horowitz, vice president of research at Check Point, said in a statement shared with The Hacker News. "They can