Hackers Mine Cryptocurrency Via Tesla’s Cloud

tesla crypto hack

Electric automobile manufacturer Tesla has suffered a cryptocurrency mining malware attack, where hackers had installed mining pool software.

According to a new report released by Redlock, a security company focusing on cloud threat defense, their Cloud Security Intelligence team notified Tesla that an intrusion was discovered months prior, and steps were taken to address the vulnerability.

The malware installation was highly intricate - the hacker installed the mining pool malware behind CloudFlare, which allowed them to mask the IP address of the mining pool server. Furthermore, the hackers kept CPU usage low to prevent the malware from raising any red flags.

Tesla, in a statement to Gizmodo, explained that customer data was not accessed during the intrusion:

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it.”

The spokesperson continued:

"The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way.”

According to Redlock, the firm that discovered the intrusion, mining cryptocurrency is a more valuable use of Tesla’s servers than stealing data.

“The recent rise of cryptocurrencies is making it far more lucrative for cybercriminals to steal organizations’ compute power rather than their data,” RedLock CTO Gaurav Kumar told Gizmodo. “In particular, organizations’ public cloud environments are ideal targets due to the lack of effective cloud threat defense programs. In the past few months alone, we have uncovered a number of cryptojacking incidents including the one affecting Tesla.”

Kumar continues: 

“Given the immaturity of cloud security programs today, we anticipate this type of cybercrime to increase in scale and velocity.”

Redlock estimates that as much as 8 percent of organizations will face attacks by crypto jackers, but because network monitoring is so ineffective, most will go unnoticed and undetected.