Hackers Set Up ‘Parasitic’ Crypto Mining Operations Using Stolen NSA Tools

As it turns out, the case of a mysterious group of hackers installing illicit software inside the servers of Transneft, Russia’s largest oil-pipeline company, wasn’t an isolated incident. According to Bloomberg, detected cases of illegal crypto mining have surged 459% in 2018 compared with last year.

Citing a report by the Cyber Threat Alliance, the spike is tied to the 2017 leak of Eternal Blue, the NSA hacking exploit that utilizes a flaw in Microsoft operating systems to allow hackers unprecedented access to otherwise secure cyber-infrastructure. The exploit first made headlines last summer, when it was publicly leaked by the Shadow Brokers, a mysterious group of hackers who allegedly have ties to Russia or North Korea (who can keep track?).

Hacker

The Shadow Brokers famously offered a subscription service to hacking groups allowing them preferential access to a trove of NSA hacking tools that the group allegedly stole from the US government. After the Eternal Blue exploit was linked to both the WannaCry and NotPetya global hacking attacks, the group’s public profile diminished significantly, but continued to release tools allegedly stolen in that breach. 

Though it is unclear who was behind the surge in illicit crypto mining, as of July of this year, 85% of all illicit cryptocurrency mining has targeted Monero, while bitcoin made up a paltry 8%.

Hackers can “sit back and watch the money roll in,” said Neil Jenkins, chief analytic officer of Cyber Threat Alliance, a group formed in 2014 by a consortium of cyber-security firms to share intelligence about cyber-threats. While the hacks are occurring across the globe, a significant portion are in the U.S., he added.

Microsoft said it has released a software update that will protect against Eternal Blue. Still, companies regard this mining as a threat and a cybersecurity risk as it allows hackers to feed off their resources like a parasite to enrich themselves.

“The threat of illicit cryptocurrency mining represents an increasingly common cybersecurity risk for enterprises and individuals,” according to the report. And the “rapid growth shows no signs of slowing down.”

Then again, seeing as these tools have all been linked to the NSA, who is to say these hacks aren’t part of a wider government operation overseen by US intelligence, or some other shadowy state-backed actor?