While Elon Musk might be busy making plans to take humans to Mars and impress people with SpaceX’s upcoming internet satellite launch, notorious hackers don’t know how to take a break.
As detected by cloud security firm RedLock, the hackers were able to take control of Tesla’s poorly secured public cloud account to mine cryptocurrency. The hackers infiltrated Kubernetes console of Tesla, which didn’t have any password protection. Well, they can claim that it would be unfair to blame them entirely.
With the help of one Kubernets pod, they were able to access Tesla’s AWS account containing important telemetry data. Hackers also used one pod to perform cryptocurrency mining.
Unlike the usual mining methods, hackers installed mining pool software and configured the mining script in such a way that standard security means failed to spot the malicious activity.
Moreover, they also used CloudFlare to hide the true IP of the mining pool, making the detection process more challenging. The software was configured to keep the CPU usage low to avoid detection.
This was not a single instance. Earlier, the firm found hundreds of other Kubernetes consoles accessible over the internet without any password. Some of these instances belonged to Avia, an insurance company, and Gemalto, world’s largest SIM card manufacturer.
Submitted by: Arnfried Walbrecht