Electric vehicle maker Tesla has reportedly fallen victim to a cryptocurrency mining malware attack.
On Tuesday, cybersecurity software firm RedLock reported that hackers had exploited an insecure Kubernetes console, which they used to access and siphon computer processing power from Tesla's cloud environment in order to mine cryptocurrencies. The team says it discovered and reported the vulnerability to Tesla several months ago.
A Tesla spokesperson told Gizmodo that customer information was not accessed during the incident.
"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," the spokesperson reportedly said, explaining:
Unlike previous crypto mining attacks, the hackers that targeted Tesla did not utilize a public mining pool. Instead, they installed mining pool software and obscured it behind CloudFlare, which allowed them to hide the IP address of their mining pool server, making detection of the mining more difficult. To further hide their actions, the hackers ensured that CPU usage remained low during the hack.
RedLock CTO Gaurav Kumar said that public cloud environments are particularly vulnerable to mining hacks, which have been on the rise in tandem with the increase in cryptocurrencies' value.
"Organizations' public cloud environments are ideal targets due to the lack of effective cloud threat defense programs," he explained to Gizmodo. "In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla."
Image Credit: Hadrian / Shutterstock.com
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.