Hackers gained access to Tesla's Amazon cloud account and used it to stealthily mine cryptocurrency. Photo: Kevork Djansezian/Getty Images

Hackers managed to infiltrate Tesla's Amazon cloud account and quietly use it to mine cryptocurrency, security researchers have discovered. Researchers at cloud security firm RedLock uncovered the intrusion last month while trying to determine the owner of a Kubernetes console that was left without any password protection.

The open-source Kubernetes administrative console, originally developed by Google, is used by many companies to manage and deploy cloud applications and services. In this case the console was reachable without a password, and the pod specifications it exposed contained the access credentials for Tesla's Amazon Web Services (AWS) environment.

Those credentials gave access to an Amazon S3 bucket that contained sensitive information, including vehicle telemetry, mapping and servicing data.
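The weak link in the incident above was a credential sitting in plain text inside a pod specification, where anyone who reached the unauthenticated console could read it. The following is an added example (not tooling from Tesla or RedLock) of the check a practitioner would run against their own cluster: it walks the JSON that `kubectl get pods --all-namespaces -o json` returns and flags environment variables and command-line arguments that carry AWS keys. The pods, namespaces and key values are constructed for the example; the key values are the placeholder keys from AWS documentation.

```python
"""Flag AWS credentials stored in plain text in Kubernetes pod specs.

Added example, not tooling from Tesla or RedLock. Input is the JSON shape
returned by `kubectl get pods --all-namespaces -o json`; the same pod specs are
visible to anyone who reaches an unauthenticated Kubernetes Dashboard. The pod
data, namespaces, names and key values below are constructed for this example
(the key values are the placeholder keys from AWS documentation).
"""
import json
import re

# Access key IDs: fixed prefix (AKIA long-term, ASIA temporary) + 16 chars.
ACCESS_KEY_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
# Secret access keys are 40 base64-style characters; reported only when the
# variable name also looks credential-related, to limit false positives.
SECRET_RE = re.compile(r"^[A-Za-z0-9/+=]{40}$")
SUSPICIOUS_NAME_RE = re.compile(r"AWS|SECRET|ACCESS_KEY|TOKEN", re.IGNORECASE)

CONSTRUCTED_PODS = json.dumps({
    "items": [
        {   # Credentials pasted straight into env vars: the pattern in the article
            "metadata": {"namespace": "telemetry", "name": "ingest-7d9f"},
            "spec": {"containers": [{
                "name": "uploader",
                "env": [
                    {"name": "AWS_REGION", "value": "us-west-2"},
                    {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
                    {"name": "AWS_SECRET_ACCESS_KEY",
                     "value": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
                ]}]},
        },
        {   # Secret referenced from a Kubernetes Secret: no plaintext in the spec
            "metadata": {"namespace": "default", "name": "web-1"},
            "spec": {"containers": [{
                "name": "nginx",
                "env": [
                    {"name": "LOG_LEVEL", "value": "info"},
                    {"name": "DB_PASSWORD",
                     "valueFrom": {"secretKeyRef": {"name": "db", "key": "password"}}},
                ]}]},
        },
        {   # Credential passed on the command line instead of in env
            "metadata": {"namespace": "batch", "name": "sync-job"},
            "spec": {"containers": [{
                "name": "sync",
                "args": ["--access-key", "AKIAI44QH8DHBEXAMPLE", "--bucket", "example-bucket"],
            }]},
        },
    ]
})


def _redact(value):
    """Keep only a short prefix so the report itself does not leak the key."""
    return value[:4] + "..."


def find_exposed_credentials(pods_json):
    """Return one finding per plaintext AWS credential found in env or args."""
    findings = []
    for pod in json.loads(pods_json)["items"]:
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        spec = pod.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            for env in c.get("env", []):
                value = env.get("value")
                if value is None:          # valueFrom: not exposed in the spec itself
                    continue
                if ACCESS_KEY_RE.search(value):
                    kind = "access_key_id"
                elif SUSPICIOUS_NAME_RE.search(env["name"]) and SECRET_RE.match(value):
                    kind = "secret_access_key"
                else:
                    continue
                findings.append({"namespace": ns, "pod": name, "container": c["name"],
                                 "where": "env:" + env["name"], "kind": kind,
                                 "value": _redact(value)})
            for i, arg in enumerate(c.get("command", []) + c.get("args", [])):
                if ACCESS_KEY_RE.search(arg):
                    findings.append({"namespace": ns, "pod": name, "container": c["name"],
                                     "where": "args[%d]" % i, "kind": "access_key_id",
                                     "value": _redact(arg)})
    return findings


if __name__ == "__main__":
    for f in find_exposed_credentials(CONSTRUCTED_PODS):
        print("%(namespace)s/%(pod)s %(container)s %(where)s %(kind)s %(value)s" % f)
```

Two design points: a `valueFrom` reference to a Kubernetes Secret is deliberately skipped, because the secret is not in the spec the console shows (though a cluster that exposes its API server without authentication leaks those too), and the 40-character secret pattern is only reported next to a credential-looking variable name, since the pattern alone matches a great deal of harmless base64. A finding of either kind is a reason to rotate the key, not merely to remove it from the manifest.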

Hackers who spotted the unprotected Kubernetes console used it to run cryptomining scripts and stealthily mine virtual coins - the latest in a string of cryptojacking attacks, in which hackers hijack victims' computers' processing power to generate digital currency.

In this attack, the hackers used several techniques to evade detection.

"To conceal their identity, the scripts were connecting to servers that reside behind CloudFlare, a content delivery network," researchers said in a report published earlier this week. "The nefarious network activity had gone completely unnoticed by Tesla."

Rather than opting for a well-known, public mining pool, the hackers installed their own mining pool software and instructed the malicious script to connect to an "unlisted" or semi-public endpoint, so that threat-intelligence feeds of known pool addresses would not flag the traffic. They also configured the mining software to listen on a non-standard port and kept CPU usage low enough not to raise any red flags.
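Every evasion listed above defeats a detection keyed on the destination: an unlisted pool is in no IP feed, CloudFlare hides the real server, a non-standard port beats a port rule, and a throttled miner stays under a CPU threshold. What the attacker cannot change as easily is the protocol the miner speaks. As an added example (not RedLock's detection logic), the script below classifies captured flow payloads by their Stratum JSON-RPC content: the `login`/`mining.subscribe` handshake that names a miner agent and the `submit` share messages that carry job IDs and nonces. The flow records, hosts, ports and wallet string are constructed placeholders.

```python
"""Spot mining-pool traffic by protocol content rather than by destination.

Added example, not RedLock's detection logic. Stratum mining clients speak a
recognisable JSON-RPC dialect regardless of which IP or port they talk to:
a `login` or `mining.subscribe` handshake naming the miner agent, followed by
`submit`/`mining.submit` messages carrying job IDs and nonces. The flow
records below (one dict per captured flow) are constructed; hosts, ports and
the wallet string are placeholders.
"""
import json
import re

# Methods used by the two common Stratum dialects (CryptoNote/XMRig-style and
# the older `mining.*` form). Matching is on method, not on destination.
STRATUM_METHODS = {"login", "submit", "getjob", "keepalived",
                   "mining.subscribe", "mining.authorize", "mining.submit"}
# Field names that appear in Stratum job/share payloads.
STRATUM_FIELDS = {"job_id", "nonce", "blob", "target"}
MINER_AGENT_RE = re.compile(r"(xmrig|xmr-stak|cpuminer|ccminer|minergate)", re.I)


def _flow(src, dst, dport, payload):
    return {"src": src, "dst": dst, "dport": dport, "payload": payload}


CONSTRUCTED_FLOWS = [
    # XMRig-style login to a non-standard port: caught by method and agent
    _flow("10.0.3.14", "203.0.113.7", 8443, json.dumps({
        "id": 1, "jsonrpc": "2.0", "method": "login",
        "params": {"login": "WALLET_PLACEHOLDER", "pass": "x", "agent": "XMRig/2.4.3"}})),
    # Share submission on the same connection: caught by method
    _flow("10.0.3.14", "203.0.113.7", 8443, json.dumps({
        "id": 2, "jsonrpc": "2.0", "method": "submit",
        "params": {"id": "sess-1", "job_id": "j-42", "nonce": "0a0b0c0d", "result": "deadbeef"}})),
    # Older Stratum dialect, user agent is the first positional param
    _flow("10.0.3.15", "198.51.100.9", 3333, json.dumps({
        "id": 1, "method": "mining.subscribe", "params": ["cpuminer/2.5.0"]})),
    # Benign traffic that must not fire
    _flow("10.0.3.16", "198.51.100.20", 443, "GET /health HTTP/1.1"),
    _flow("10.0.3.16", "198.51.100.21", 8080, json.dumps({
        "jsonrpc": "2.0", "id": 7, "method": "getStatus", "params": []})),
]


def classify_payload(payload):
    """Return a reason string if the payload looks like Stratum, else None."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(msg, dict):
        return None
    method = msg.get("method")
    params = msg.get("params")
    if method in STRATUM_METHODS:
        reason = "stratum method %r" % method
        agent = params.get("agent") if isinstance(params, dict) else None
        if agent is None and isinstance(params, list) and params and isinstance(params[0], str):
            agent = params[0]
        if agent and MINER_AGENT_RE.search(agent):
            reason += ", miner agent %r" % agent
        return reason
    # Job/share bodies without a recognised method name: two Stratum fields together
    if isinstance(params, dict) and len(STRATUM_FIELDS & set(params)) >= 2:
        return "stratum share fields %s" % sorted(STRATUM_FIELDS & set(params))
    return None


def scan_flows(flows):
    """Return one alert per flow whose payload classifies as mining traffic."""
    alerts = []
    for f in flows:
        reason = classify_payload(f["payload"])
        if reason:
            alerts.append({"src": f["src"], "dst": f["dst"], "dport": f["dport"],
                           "reason": reason})
    return alerts


if __name__ == "__main__":
    for a in scan_flows(CONSTRUCTED_FLOWS):
        print("%(src)s -> %(dst)s:%(dport)s  %(reason)s" % a)
```

This only works where the payload is visible; a miner that wraps Stratum in TLS leaves nothing but flow shape to go on, in which case the fallback is the behaviour the article describes from the other side: a long-lived, low-volume, periodic outbound connection from a workload that has no business talking to that destination at all.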

It is not immediately clear how long the account was exposed or when hackers gained access to it.

RedLock's Cloud Security Intelligence team notified Tesla of the incident, and the company quickly resolved the issue.

A Tesla spokesperson said no customer data was affected in the breach.

"We maintain a bug bounty program to encourage this type of research, and we addressed this vulnerability within hours of learning about it," the representative said in a statement. "The impact seems to be limited to internally-used engineering test cars only, and our initial investigation found no indication that customer privacy or vehicle safety or security was compromised in any way."

IBTimes UK has reached out to Tesla for further comment.

The researchers were reportedly awarded $3,133.70 (£2,240.81) for their findings - a nod to "1337", hacker slang for "elite" or "leet".

The incident comes as cryptojacking heists become increasingly common and sophisticated alongside the rise and popularity of cryptocurrency. Last week, nearly 4,000 websites across the globe, including numerous government websites, were hijacked by hackers to mine cryptocurrency.

It also comes as security experts raise serious concerns about the rise in data leaks due to cloud storage misconfiguration, often the result of human error.

According to RedLock research, an estimated 58% of organisations using cloud storage services such as Amazon S3 and Microsoft Azure Blob storage have accidentally exposed "at least one cloud storage service" to the public. About 66% of databases are not encrypted while 55% fail CIS compliance checks.

Researchers found 8% of organisations have had cryptojacking activity within their environments - a figure that will "rapidly increase" as the technique gains popularity within the hacking community.

"The message from this research is loud and clear — the unmistakable potential of cloud environments is seriously compromised by sophisticated hackers identifying easy-to-exploit vulnerabilities," Gaurav Kumar, CTO of RedLock and head of the CSI team, said. "Security is a shared responsibility: Organizations of every stripe are fundamentally obliged to monitor their infrastructures for risky configurations, anomalous user activities, suspicious network traffic, and host vulnerabilities.

"Without that, anything the providers do will never be enough."