Hackers Use Captcha Bypass To Make 20k Github Accounts In A Month

Leo Migdal

South African threat actors known as 'Automated Libra' have been improving their techniques to make a profit by using cloud platform resources for cryptocurrency mining. According to Palo Alto Networks Unit 42, the threat actors use a new CAPTCHA solving system, follow a more aggressive use of CPU resources for mining, and mix 'freejacking' with the "Play and Run"... 'Automated Libra' was first exposed by analysts at Sysdig in October 2022, who named the malicious cluster of activity 'PurpleUrchin' and believed the group was devoted to freejacking operations. Unit 42 has dived deeper into this operation, analyzing over 250 GB of collected data and uncovering a lot more about the threat actor's infrastructure, history, and techniques. The threat actor runs automated campaigns abusing continuous integration and deployment (CI/CD) service providers, such as GitHub, Heroku, Buddy.works, and Togglebox, to set up new accounts on the platforms and run cryptocurrency miners in... Researchers from Unit 42 analyze Automated Libra, the group of cloud threat actors responsible for PurpleUrchin, the freejacking campaign.

It has been observed that Automated Libra has been refining its methods to profit from cloud platform resources used for cryptocurrency mining. Threat actors abuse free cloud resources by using a new CAPTCHA-solving technique, more aggressive CPU resource utilization for mining, and a mix of “freejacking” and the “Play and Run” method. PURPLEURCHIN was initially identified in October 2022 when Sysdig disclosed that the attackers scaled their operations by opening 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts. “We collected more than 250 GB of container data created for the PurpleUrchin operation and discovered that the threat actors behind this campaign were creating three to five GitHub accounts every minute during the...

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group “primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations,” Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist said. PURPLEURCHIN first came to light in October 2022 when Sysdig disclosed that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation.

Now, according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, setting up over 130,000 bogus accounts in total... More than 22,000 GitHub accounts are estimated to have been created between September and November 2022: three in September, 1,652 in October, and 20,725 in November. A total of 100,723 unique Heroku accounts have also been identified.
