Google’s Cybersecurity Action Team warned that cryptocurrency miners are hacking Google Cloud accounts and using them for compute-intensive mining, an activity that is very profitable but expensive. Crypto mining is the process of gaining cryptocurrencies by solving cryptographic equations using high-power computers.

Details of the security breach were provided in a Threat Horizons report released last Wednesday. The report is intended to provide intelligence that allows organizations to keep their cloud environments safe, and it is based on threat intelligence observations from the Threat Analysis Group (TAG), Google Cloud Threat Intelligence for Chronicle, Trust and Safety, and other internal teams.

Cryptocurrency mining often requires large amounts of computing power, which Google Cloud customers can access for a fee. Malicious actors hack those accounts to conduct crypto mining, since it is a lucrative activity.

According to Google’s report, 86% of the 50 Google Cloud accounts that were recently compromised were used for this purpose and, in most cases, cryptocurrency mining software was downloaded within 22 seconds after the account was hacked. The shortest amount of time between deploying a vulnerable Cloud instance and its compromise was determined to be 30 minutes.

About 10% of the compromised accounts were used to conduct port scanning of other targets on the internet, 8% to launch attacks against other targets on the internet, 6% to host malware, 4% to host unauthorized content on the internet, 2% to launch a DDoS bot and the last 2% to send spam.

Google researchers also exposed a phishing attack carried out in September by the Russian government-backed APT28 group, known as Fancy Bear, but the search giant was able to block the attack. Another hacking campaign involved a North Korean government-backed threat group posing as Samsung recruiters to send fake job opportuni