Security researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials.
Given the name “EleKtra-Leak” by researchers at Palo Alto Networks’s Unit 42, the criminals behind the campaign are credited with regularly stealing AWS credentials within five minutes of them being exposed in GitHub repositories.
Minutes later, multiple Amazon Elastic Compute Cloud (EC2) instances can be launched in as many regions as possible to mine Monero. In the space of just over a month, between August 30 and October 6, the researchers identified 474 different miners being operated by “potentially actor-controlled EC2 instances.”
