A recent cybersecurity breach has exposed vulnerabilities in government agencies, as hackers infiltrated the U.S. Agency for International Development (USAID) to mine cryptocurrency. The attackers secretly exploited the agency’s Microsoft Azure cloud resources, leading to $500,000 in unauthorized service charges before the breach was detected. This incident highlights the growing threat of cryptojacking, a cybercrime where hackers hijack computing power for financial gain.
How the Hackers Gained Access
The attackers used a technique called password spraying, which involves trying a set of commonly used passwords on multiple accounts until one works. They managed to breach a high-level administrator account that was part of a test environment, gaining significant control over the system.
Once inside, they created another account with similar privileges, allowing them to operate undetected for some time. Both accounts were then used to run cryptomining software, which consumes large amounts of processing power to generate digital currency. Since USAID was responsible for cloud costs, the agency unknowingly footed a massive bill for unauthorized usage.
What is Cryptojacking?
Cryptojacking is a cyberattack where hackers steal computing resources to mine cryptocurrencies like Bitcoin or Monero. Mining requires powerful hardware and electricity, making it expensive for individuals. By infiltrating cloud systems, cybercriminals shift these costs onto their victims, while reaping financial rewards for themselves.
This attack is part of a larger trend:
1. 2018: A cryptojacking incident compromised government websites in the U.S., U.K., and Ireland through a malicious web plugin.
2. 2019: Hackers accessed an AWS cloud account of a U.S. federal agency by exploiting credentials leaked on GitHub.
3. 2022: Iranian-linked hackers were found mining cryptocurrency on a U.S. civilian government network.
Cybersecurity experts warn that cryptojacking often goes unnoticed because it doesn’t immediately disrupt services. Instead, it slowly drains computing resources, resulting in skyrocketing cloud costs and potential security risks.
How USAID Responded
Once the attack was discovered, USAID took steps to secure its systems and prevent future breaches:
- Tightened password policies to prevent unauthorized access.
- Enabled multi-factor authentication (MFA) to add an extra layer of security.
- Deleted compromised accounts and removed harmful scripts used in the attack.
- Introduced continuous security monitoring to detect suspicious activity earlier.
A USAID internal report emphasized the need for stronger cybersecurity defenses to prevent similar incidents in the future.
Experts Warn of Increasing Cryptojacking Threats
Cryptojacking attacks are typically carried out by individual hackers or cybercrime syndicates looking for quick profits. However, some state-sponsored groups, including those linked to North Korea, have also used this method to fund their operations.
Cybersecurity professionals explain how these attacks work:
“If I break into someone’s cloud system, I can mine cryptocurrency using their resources, while they get stuck with the bill,” — Hamish Eisler, Chainalysis.
Jon Clay, a Threat Intelligence Expert at Trend Micro, describes cryptojacking as a persistent issue, where cybercriminals constantly look for new ways to exploit vulnerabilities.
How to Protect Against Cryptojacking
Organizations can take several measures to reduce the risk of cryptojacking attacks:
- Implement strong passwords and MFA to make unauthorized access harder.
- Monitor cloud usage for unexpected spikes in resource consumption.
- Limit administrative access to only essential personnel.
- Regularly review security settings to close potential loopholes.
To combat these threats, Microsoft introduced mandatory MFA for Azure logins, which began rolling out in 2024. This security measure is expected to make it harder for hackers to take over cloud accounts.
Cryptojacking is a growing cybersecurity threat that can lead to financial losses, operational disruption, and security risks. The USAID breach serves as a wake-up call for both government agencies and businesses to strengthen their cyber defenses. Without proactive measures, organizations remain vulnerable to attacks that silently drain resources and increase costs.
