The Sysdig Threat Research Team has uncovered an extensive crypto mining operation, PurpleUrchin, which abuses free continuous integration and deployment service accounts. It’s a new name for an old technique of abusing free service offerings.
Sysdig TRT estimates that every “free” PurpleUrchin GitHub account costs GitHub $15 per month. Free tier accounts from the other service providers are estimated to cost providers from $7 to $10 per month.
In 2020,https://attack.mitre.org/groups/G0050/ (Bismuth, OceanLotus) deployed crypto mining operations on victim networks to evade detection of their simultaneous cyberespionage campaign.