{"id":7154,"date":"2025-01-31T10:31:26","date_gmt":"2025-01-31T16:31:26","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83359"},"modified":"2025-01-31T10:31:26","modified_gmt":"2025-01-31T16:31:26","slug":"even-the-us-government-can-fall-victim-to-cryptojacking","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/01\/31\/even-the-us-government-can-fall-victim-to-cryptojacking\/","title":{"rendered":"Even the US government can fall victim to cryptojacking"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v21.7 (Yoast SEO v21.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>Even the US government can fall victim to cryptojacking | FedScoop<\/title> <meta name=\"description\" content=\"Documents reveal that USAID was victimized by a password spray attack that resulted in roughly $500,000 in Microsoft service charges.\"> <link rel=\"canonical\" href=\"https:\/\/fedscoop.com\/cryptojacking-federal-government-agencies-usaid\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Even the US government can fall victim to cryptojacking\"> <meta property=\"og:description\" content=\"Documents reveal that USAID was victimized by a password spray attack that resulted in roughly $500,000 in Microsoft service charges.\"> <meta property=\"og:url\" content=\"https:\/\/fedscoop.com\/cryptojacking-federal-government-agencies-usaid\/\"> <meta property=\"og:site_name\" content=\"FedScoop\"> <meta property=\"article:published_time\" content=\"2025-01-31T16:29:02+00:00\"> <meta property=\"article:modified_time\" content=\"2025-01-31T16:30:07+00:00\"> <meta property=\"og:image\" 
content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"rheilweil\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Feed\" href=\"https:\/\/fedscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"FedScoop \u00bb Comments Feed\" href=\"https:\/\/fedscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/fedscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1732206022g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/fedscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1736472017g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/fedscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1738186663g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=811a4fffdf449a472805\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/fedscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/fedscoop.com\/wp-json\/wp\/v2\/posts\/82886\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/fedscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.1\">\n<link rel=\"shortlink\" 
href=\"https:\/\/fedscoop.com\/?p=82886\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Fcryptojacking-federal-government-agencies-usaid%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/fedscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Ffedscoop.com%2Fcryptojacking-federal-government-agencies-usaid%2F&amp;format=xml\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/fedscoop.com\/wp-content\/uploads\/sites\/5\/2023\/01\/cropped-fs_favicon-3.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-82886 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/fedscoop.com\/cryptojacking-federal-government-agencies-usaid\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon 
icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.518584070796\">\n<div class=\"single-article__header-content\" readability=\"35.062344139651\">\n<p> Documents reveal that USAID was victimized by a password spray attack that resulted in roughly $500,000 in Microsoft service charges. <\/p>\n<p> <!-- Listen to this article section --> <!-- Audio Element --><br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/fedscoop\/82886\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p> <!-- Countdown Timer --> <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p> <!-- Tooltip --> <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. 
<\/span> <\/p>\n<\/div>\n<p> <!-- End of audio player --> <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking.jpg?resize=640%2C427&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/01\/even-the-us-government-can-fall-victim-to-cryptojacking-1.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> ISTANBUL, TURKEY &#8211; MAY 05: A Bitcoin logo in the window of a cryptocurrency exchange kiosk on May 5, 2023 in Istanbul, Turkey. 
(Photo by Aziz Karimov\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"60.937776141384\"><body readability=\"123.86422535211\"><\/p>\n<p>Cryptojacking, the tactic of breaking into a device to steal computing resources and mine crypto, is a pervasive, frustrating and expensive problem. But attacks like these can also raise cybersecurity concerns, especially when they happen to the federal government.&nbsp;<\/p>\n<p>Last fall, the U.S. Agency for International Development learned it was hit by a cryptojacking incident, according to documents viewed by Scoop News Group. The agency was notified by Microsoft that a global administrator account located in a test environment had been breached through a password spray attack \u2014 a brute force attempt to enter a system by trying commonly used passwords across many accounts.&nbsp;<\/p>\n<p>That account was then used to create another account \u2014 and both were then deployed to begin crypto-mining processes through USAID\u2019s Azure resources. The result was around half a million dollars in cloud service charges to the agency.<\/p>\n<p>Breaking into a government agency\u2019s computing resources for the purpose of mining crypto might sound strange, but it happens.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>In 2018, a cryptomining attack on a <a href=\"https:\/\/www.theguardian.com\/technology\/2018\/feb\/11\/government-websites-hit-by-cryptocurrency-mining-malware\">web plug-in used<\/a> to make websites more accessible reportedly impacted government websites in the United Kingdom, as well as in the U.S. and Ireland.&nbsp;<\/p>\n<p>A different federal agency was also impacted by a similar attack back in 2019, according to a person familiar with the incident. 
In that case, hackers found an agency\u2019s AWS tokens on a public GitHub page, which they used to access the agency\u2019s cloud resources. The breach wasn\u2019t successful, the person said.&nbsp;<\/p>\n<p>In 2022, a joint cybersecurity advisory described Iranian-sponsored advanced persistent threat activity that included, among other nefarious activities, deploying <a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/publications\/aa22-320a_joint_csa_iranian_government-sponsored_apt_actors_compromise_federal%20network_deploy_crypto%20miner_credential_harvester.pdf\">crypto mining software<\/a> on a federal civilian executive branch network.<\/p>\n<p>In response to the more recent USAID incident, the system manager called for strict password policies and enforced multifactor authentication for all accounts. The system manager also wiped batch files associated with the attack and deleted the accounts used for the attack. A document viewed by FedScoop noted the agency had begun continuous monitoring of security alerts from the cloud system, which the agency had not previously done. 
The incident showed the need for stringent security measures, the document said.&nbsp;<\/p>\n<p>USAID has <a href=\"https:\/\/www.usaid.gov\/news-information\/press-releases\/feb-02-2024-usaid-receives-ninth-fitara-scorecard-170#:~:text=USAID%20earned%20an%20overall%20%E2%80%9CA,Innovation%20on%20February%201%2C%202024.\">received consistent \u201cA\u201d grades<\/a> through the Federal Information Technology Acquisition Reform Act, which measures agencies\u2019 efficiency in IT and software modernization.&nbsp;<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Scoop News Group interviewed experts at several cybersecurity-oriented firms \u2014 all of whom spoke generally on the topics of cryptojacking and how test accounts could be used in cyberattacks, rather than the specifics of the USAID incident.&nbsp;<\/p>\n<p>None of those cyber firms were familiar with a similar attempt on a government website, though cryptojacking is common in the private sector and some experts said they\u2019re likely to impact the government, too. The Cybersecurity and Infrastructure Security Agency referred Scoop to USAID, which did not respond to requests for comment. Microsoft declined to comment.&nbsp;<\/p>\n<p>Hamish Eisler, an advisory solutions architect at Chainalysis, explained generally how cryptojacking can work. \u201cI\u2019m going to hack somebody\u2019s cloud account, and I\u2019m just going to start spending their resources on it. If somebody else is paying the bills and I hack their account and suddenly start spending a bunch of CPU cycles on it, they\u2019re paying for my effort.\u201d&nbsp;<\/p>\n<p>Generally, individuals with information technology positions in their title are an attractive starting point for attackers, according to Olesia Klevchuk, director of product marketing at Barracuda. 
Creating secondary accounts from a privileged account is also strategic, she said, since those secondary accounts may not be well-monitored.&nbsp;<\/p>\n<p>Generally, monitoring for cryptojacking attacks can be difficult, said Jon Clay, vice president of threat intelligence at Trend Micro.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cOne of the things we see a lot of is, they come in, they drop their miners, and then they wipe their tracks of everything they did prior to that. So it\u2019s very difficult,\u201d he said. \u201cThey also wipe out and turn off a lot of the security products that are running on these machines.\u201d<\/p>\n<p>Attackers who pursue these stunts tend to be individuals, or criminal gangs who have a business model of mining crypto. Nation states \u2014 particularly groups associated with the North Korean government \u2014 have also deployed cryptojacking, according to Daniel Blackford, director of threat research at Proofpoint.&nbsp;<\/p>\n<p>Still, cryptojacking attempts are primarily motivated by the prospect of making money and aren\u2019t usually focused on a particular target, experts said. Cryptojacking can be somewhat of a \u201cwhack-a-mole\u201d problem that can cost targets tens of millions of dollars, Eisler noted.&nbsp;<\/p>\n<p>Several sources said multifactor authentication helps reduce the chances of this kind of attack. 
Microsoft introduced <a href=\"https:\/\/azure.microsoft.com\/en-us\/blog\/announcing-mandatory-multi-factor-authentication-for-azure-sign-in\/?msockid=0a1ba9db88aa60aa0e15bcce8caa628d\">mandatory MFA authentication<\/a> for Azure sign-in last August, which was supposed to be rolled out in phases, starting in 2024.&nbsp;<\/p>\n<p>The USAID incident comes amid ongoing <a href=\"https:\/\/cyberscoop.com\/federal-government-agency-social-media-security-multifactor-authentication\/\">concerns about the deployment of MFA at government agencies<\/a>, as well as <a href=\"https:\/\/cyberscoop.com\/microsoft-csrb-china-hacking\/\">criticisms of Microsoft\u2019s approach to cybersecurity<\/a> and the federal cloud.&nbsp;<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest 
Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">FedScoop TV<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to FedScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/fedscoop.com\/cryptojacking-federal-government-agencies-usaid\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Even the US government can fall victim to cryptojacking |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78],"tags":[86],"class_list":["post-7154","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category 
tag\">Cybersecurity<\/a>","tag_info":"Cybersecurity","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7154","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7154"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7154\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7154"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7154"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7154"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}