A string of nominees all previously said that they support the practice A string of nominees all previously said that they support the controversial practice.
Β© 2024 TechCrunch. All rights reserved. For personal use only.
Ahead of a major crackdown on illegal cryptocurrency mines in Russia next year, a power provider in Siberia has been fined for illegally leasing state land that's supposed to be used only for public utilities to an illegal mining operation.
In a social media post translated by Ars, the Irkutsk Region Prosecutor-Generalβs Office explained that the power provider was fined more than 330,000 rubles (about $3,000) for the improper land use. Local prosecutors will also pursue an administrative case against the power provider, the office said.
Crypto mining is popular in Siberia because of low operating costs, Crypto News noted, due to the cool temperatures and cheap power supply. But many in Siberia have blamed crypto miners for power outages and grid instability that can cause significant harms during winter months.
Β© shaunl | iStock / Getty Images Plus
A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.
The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.
The objectives of the threat actors are also multifaceted. One is the collection of SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices every 12 hours. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors. The malware used in the campaign also installs cryptomining software that was present on at least 68 machines as of last month.
Β© Getty Images
