
Hackers compromised Tesla's AWS instance and mined cryptocurrency there



Elon Musk's company Tesla Inc. became an unwitting victim of cryptohackers. Unknown attackers gained access to the company's account on the Amazon Web Services cloud service and began mining cryptocurrency there. The breach was discovered not by Tesla employees but by an information security startup called RedLock Cloud Security Intelligence.

RedLock had been studying security problems in Kubernetes administrative consoles. As it turned out, the consoles could be accessed from the outside, and password protection did not help much. These administration systems are designed for system administrators and help them work with virtual machines.

Tesla was not the only company hacked; a number of others were too, among them a British insurance company, the world's largest manufacturer of SIM cards, and some others. Once inside the console, an attacker had access to the credentials for these companies' AWS accounts and, in some cases, Microsoft Azure accounts. Further investigation showed that the hackers had used the companies' accounts to mine cryptocurrency.

The investigation also revealed that the hackers had reached Tesla's account. The attack was carried out in much the same way as against the two companies mentioned above, but there were also differences.

“The couple of instances we studied belonged to Aviva, a British multinational insurance company, and Gemalto, the largest manufacturer of SIM cards. Having access to the console, the attackers also had access to AWS and Microsoft Azure services,” said the company that conducted the investigation.

“Hackers launched an attack on Tesla's Kubernetes console, which, by the way, is not password protected. And inside, the attackers found all the access data for Amazon S3 (Amazon Simple Storage Service). Inside there was a large amount of private data of the company, including telemetry,” RedLock said.

The attackers were quite careful. To keep their activity from being noticed, the cryptohackers did not use well-known mining pools. Instead, they developed their own specialized software and connected it to a semi-public endpoint. They also hid the IP address behind the well-known CDN service Cloudflare.

After Tesla representatives learned of the problem, the mining was shut down. To protect itself further, the company announced a reward for information security specialists who help detect other vulnerabilities.

As for the compromised data, it related only to the electric vehicles used by the company itself, not to vehicles belonging to customers.

According to RedLock, about 58% of corporations use one cloud service or another, and 8% of the total have fallen victim to cryptohackers. As far as one can tell, this threat is becoming more and more relevant, so it deserves more attention.

Generally speaking, cryptohackers are growing in number. Last week, hackers managed to inject a miner script into thousands of sites, including UK and US government resources. The problem was a vulnerable plugin for reading on-screen text aloud, which many sites used. After compromising the plugin, the attackers added miner code for the Monero cryptocurrency to it. The miner itself is well known: it is Coinhive, which is popular among the "cryptographers". The total number of sites affected by the hack in one way or another amounted to 4200 addresses.

Miners are installed not only by attackers but also by site owners themselves. The administrators of the torrent tracker ThePirateBay are especially fond of doing this. They first tried mining cryptocurrency with the help of their users last year. After visitors were outraged, the miner was removed from the code, but it later reappeared. According to the site's administration, this is an attempt to create an additional source of income to maintain the resource.

Source: https://habr.com/ru/post/410335/