A South Africa-based threat actor known as Automated Libra has been observed adopting increasingly sophisticated techniques to conduct a widespread freejacking campaign against various public cloud services.
Freejacking is the act of using free or time-limited access to public cloud resources – such as introductory trial offers – to perform illicit cryptomining.
The campaign was initially dubbed PurpleUrchin by researchers at cloud and container security specialist Sysdig, which uncovered it last year while analysing some publicly shared containers and suspicious activity emanating from a Docker hub account.