Cryptomining

Cryptomining, as a sub-technique of Resource Hijacking within the Impact tactic, involves adversaries leveraging compromised application resources to mine cryptocurrency without authorization. This exploitation typically occurs when attackers inject malicious code into web applications, serverless functions, containers, or other computational resources, diverting CPU, GPU, and memory capacity from legitimate processes to perform complex mathematical calculations required for cryptocurrency mining. The impact extends beyond performance degradation, causing increased energy consumption, accelerated hardware deterioration, and potential service disruptions. Unlike other resource hijacking methods that might focus on bandwidth or storage, cryptomining specifically monetizes computational power, making it particularly attractive for long-term persistence scenarios where attackers can generate consistent financial returns while maintaining relatively low visibility compared to more disruptive attacks. Organizations may observe symptoms including unexplained CPU spikes, thermal issues, reduced application responsiveness, and anomalous network connections to mining pools.