USAID subjected to cryptojacking, documents reveal

The U.S. Agency for International Development incurred nearly $500,000 in Microsoft Azure cloud service charges following a cryptojacking incident last fall, according to FedScoop.

Attackers were discovered by Microsoft to have deployed a password spraying intrusion compromising USAID's global admin account in a test environment to establish another account before commencing cryptomining activities exploiting Azure resources, documents seen by Scoop News Group revealed. Such an incident has since prompted USAID to implement more robust password policies and multi-factor authentication, as well as the removal of all attack-linked accounts and batch files. Despite improved defenses, cryptojacking intrusion tracking was noted to be challenging by Trend Micro Vice President of Threat Intelligence Jon Clay. "One of the things we see a lot of is, they come in, they drop their miners, and then they wipe their tracks of everything they did prior to that. So it's very difficult. They also wipe out and turn off a lot of the security products that are running on these machines," said Clay.