Hackers accessed Tesla’s AWS access credentials by penetrating a non-password protected Kubernetes software container. The hackers then used the Kubernetes container to mine for cryptocurrencies, for an as-yet-unknown amount of time.
RedLock’s CSI team exposed a similar hack of AWS for Bitcoin (BTC) mining purposes at companies Aviva and Gemalto in October of last year. These companies, like Tesla, did not have passwords for their admin consoles.
The Tesla hack was well disguised: the hackers didn’t use an already-known mining pool, but instead installed their own mining pool software that connected the malicious script to an “unlisted” endpoint, making any suspicious activity harder to detect.
The hackers also kept their CPU usage low to avoid being spotted, and hid the mining pool’s IP address behind the free content delivery network CloudFlare, RedLock reports…