Jun 07, 2024 • Wiz Security Research
Pause off my cluster: DERO cryptojacking takes a new shape
Executive Summary
This report analyzes the evolution of the 2023 DERO cryptojacking campaign, highlighting how the threat actors behind it have adapted to evade modern detection mechanisms. The activity centers on unauthorized cryptocurrency mining within compromised clusters, using updated techniques to maintain persistence and avoid security alerts. While specific actor identities remain undisclosed in this summary, the campaign poses a risk to cloud infrastructure and computational resources. Organizations are advised to implement robust monitoring and to follow the recommended mitigation best practices to counter these evasion tactics. The shift in operational methods points to a mature threat landscape in which attackers continuously refine their tools to bypass standard defenses. Security teams should prioritize visibility into cluster activity and enforce strict access controls to prevent resource hijacking. Proactive defense is essential to disrupt the financial incentives driving these cryptojacking operations and to protect infrastructure from the performance degradation and increased operational costs that unauthorized mining causes.
Summary
Learn how the threat actors behind the 2023 DERO cryptojacking campaign have adapted their techniques to evade detection, and the best practices for mitigation.