Tesla's Amazon Web Services (AWS) cloud account has been compromised by hackers and used for cryptocurrency mining, according to cyber security specialist RedLock.
It said other major firms were affected by similar problems and the incident marks another case of what is known as “cryptojacking.”
Tesla said that it did not see any initial impact on customer data protection or the safety and security of its vehicles.
RedLock said the hackers not only gained unauthorized access to non-public Tesla data, but were also stealing compute resources within Tesla’s Amazon Web Services (AWS) environment for cryptojacking. The researchers immediately informed Tesla of their findings, and the vulnerabilities have already been addressed, RedLock said.
The Tesla findings build on research from last year, when a RedLock team found that hundreds of Kubernetes administration consoles were accessible over the internet without password protection, and were leaking credentials to other critical applications. In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment. Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.
In addition, the cyber thieves performed cryptojacking using Tesla’s cloud compute resources and employed specific techniques to evade detection. For example, instead of the more familiar public ‘mining pool,’ they installed mining pool software and configured the malicious script to connect to an ‘unlisted’ endpoint. That, RedLock maintains, makes it harder for standard IP/domain-based threat intelligence feeds to detect malicious activity.
Other tricks included hiding the true IP address of the mining pool server behind CloudFlare, and likely keeping CPU usage low to further evade detection.
More details from RedLock about the Tesla incident.