PurpleUrchin: GitHub Actions Hijacked for Crypto Mining

Fri, 11 Nov 2022 04:28:43 +1100

Andrew Pam <xanni [at] glasswings.com.au>

Andrew Pam
<https://thenewstack.io/purpleurchin-github-actions-hijacked-for-crypto-mining/>

"This is why we can’t have nice things. It’s great that many cloud and
continuous integration/deployment (CI/CD) providers, such as Buddy.works,
GitHub, and Heroku offer free services. But now, in a massive new case of
freejacking, the Sysdig Threat Research Team (Sysdig TRT) has found attackers
using over a million free serverless function calls, such as GitHub Actions, to
run a gigantic automated cryptocurrency mining operation, PurpleUrchin."

Via Steven Vaughan-Nichols.

Cheers,
       *** Xanni ***
--
mailto:xanni@xanadu.net               Andrew Pam
http://xanadu.com.au/                 Chief Scientist, Xanadu
https://glasswings.com.au/            Partner, Glass Wings
https://sericyb.com.au/               Manager, Serious Cybernetics

Comment via email

< Previous
November 2022
Next >
Home E-Mail Sponsors Index Search About Us
Copyright © 2022 Andrew Pam <xanni [at] glasswings.com.au>