PurpleUrchin Gang Embraces DevOps in Massive Cloud Malware Campaign
More information has become available on “PurpleUrchin,” a malicious campaign in which a threat group called Automated Libra is using DevOps and continuous integration/continuous deployment (CI/CD) practices to mine cryptocurrency on cloud platforms using free trial accounts. The campaign began in August 2019 and has mainly targeted platforms such as GitHub, Heroku, and ToggleBox. Security…