The Discovery of a Massive Cryptomining Operation Leveraging GitHub Actions | allinfosecnews.com

c

Jan. 13, 2023, 12:51 a.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Sysdig on October 25, 2022. Written by Crystal Morin, Sysdig. The Sysdig Threat Research Team (Sysdig TRT) recently uncovered an extensive and sophisticated active cryptomining operation in which a threat actor is using some of the largest cloud and continuous integration and deployment (CI/CD) service providers; including GitHub, Heroku, Buddy.works, and others to build, run, scale, and operate their massive cloud operation. Because no one has yet reported on this act...

actions actor build cloud continuous continuous integration cryptomining crystal deployment discovery github github actions heroku integration october research run scale service service providers sysdig team threat threat actor threat research

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl

The Path to SOC 2 Compliance for Startups 2 days, 13 hours ago | cloudsecurityalliance.org

business can challenges companies +16

Cl

Learn How to Navigate Ransomware Attacks in a Digital World 4 days, 8 hours ago | cloudsecurityalliance.org

attacks businesses computer digital +16

Cl

What are the ISO 9001 Requirements? 1 week, 1 day ago | cloudsecurityalliance.org

certification compliance context evaluation +16

Cl

What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction 1 week, 3 days ago | cloudsecurityalliance.org

agile amp best practices blog +32

Cl

Unlocking Trust in the Digital Age: The Power of Blockchain Technologies 1 week, 3 days ago | cloudsecurityalliance.org

age blockchain business communication +20

Cl

Level Up Your Security Strategy with Cyber Resilience 1 week, 4 days ago | cloudsecurityalliance.org

advisory barr advisory breach can +16

Cl

Mastering Least Privilege: Cutting Unused Access 1 week, 4 days ago | cloudsecurityalliance.org

access attack attack surface breaches +16

Cl

How Cybersecurity and AI Will Influence Global Elections in 2024 1 week, 4 days ago | cloudsecurityalliance.org

advocacy artificial artificial intelligence big +20

Cl

Mastering Secure DevOps with Six Key Strategies 1 week, 5 days ago | cloudsecurityalliance.org

addresses applications attacks breaches +24

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Corporate Intern - Information Security (Year Round)

@ Associated Bank | US WI Remote

View on infosec-jobs.com

Senior Offensive Security Engineer

@ CoStar Group | US-DC Washington, DC

View on infosec-jobs.com