Type
Incident
Actors
Unknown
Pub. date
January 31, 2025
Initial access
Password attack
Impact
Resource hijacking
Observed techniques
Password sprayingCloud compute cryptojacking
References
https://fedscoop.com/cryptojacking-federal-government-agencies-usaid/
Status
Finalized
Last edited
Feb 2, 2025 7:33 AM
The U.S. Agency for International Development (USAID) was hit by a cryptojacking attack. A global administrator account in a test environment within their Azure subscription was compromised as a result of a password spray attack. The attackers then leveraged the compromised account to create another account, and both were then abused for crypto-mining, resulting in charges of half a million dollars.