Electric car manufacturer’s cloud environment infiltrated by sophisticated cyber criminals
Servers run by electric car manufacturer Tesla were compromised by hackers and used to mine cryptocurrency, a US-based security firm says.
According to a report published by RedLock Tuesday, hackers were able to breach Tesla’s cloud environment after finding credentials in an unprotected open source console.
“The hackers had infiltrated Tesla’s Kubernetes console which was not password protected,” RedLock wrote. “Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 (Amazon Simple Storage Service) bucket that had sensitive data such as telemetry.”
After gaining entry, the hackers installed software designed to mine cyrptocurrency by utilizing server resources and avoided detection through “sophisticated evasion measures.”
“Unlike other crypto mining incidents, the hackers did not use a well known public ‘mining pool’ in this attack. Instead, they installed mining pool software and configured the malicious script to connect to an ‘unlisted’ or semi-public endpoint,” RedLock notes. “This makes it difficult for standard IP/domain based threat intelligence feeds to detect the malicious activity.”
The hackers also used CloudFlare to obscure the mining pool server’s IP address, configured the software to use a non-standard port and limited the CPU usage as not to arouse suspicion.
RedLock, which was unable to determine how long the miner was in place and how much currency it generated, states that it immediately notified Tesla of the issue.
In a statement to numerous media outlets, Tesla asserted the incident did not affect “customer privacy or vehicle safety.”
“We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it,” Tesla said. “The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”
News of the breach follows reports last week of a similar cryptomining attack against nearly 4,000 websites including several run by the U.K. government.
