PurpleUrchin Gang Embraces DevOps in Massive Cloud Malware Campaign

More information has become available on “PurpleUrchin,” a malicious campaign in which a threat group called Automated Libra is using DevOps and continuous integration/continuous deployment (CI/CD) practices to mine cryptocurrency on cloud platforms using free trial accounts.

The campaign began in August 2019 and has mainly targeted platforms such as GitHub, Heroku, and ToggleBox. Security vendor Sysdig first reported on the campaign last October. This week, Palo Alto Networks’ Unit 42 threat hunting team provided fresh insight on the campaign based on a recent analysis of the threat group’s activities — and noted that while cryptomining is the game now, the infrastructure could be used to deliver much worse threats down the road.
