ZDNet reports that Tesla failed to properly secure its Amazon Web Services servers, leading to a breach in which attackers used them to mine cryptocurrency:
Researchers from the RedLock Cloud Security Intelligence (CSI) team discovered that cryptocurrency mining scripts, used for cryptojacking — the unauthorized use of computing power to mine cryptocurrency — were operating on Tesla’s unsecured Kubernetes instances, which allowed the attackers to steal the Tesla AWS compute resources to line their own pockets.
Tesla’s AWS system also contained sensitive data including vehicle telemetry, which was exposed due to the unsecured credentials theft.
“In Tesla’s case, the cyber thieves gained access to Tesla’s Kubernetes administrative console, which exposed access credentials to Tesla’s AWS environment,” RedLock says. “Those credentials provided unfettered access to non-public Tesla information stored in Amazon Simple Storage Service (S3) buckets.”
The unknown hackers also employed a number of techniques to avoid detection. Rather than using typical public mining pools in their scheme, for example, the threat actors instead installed mining pool software and instructed the mining script to connect to an unlisted endpoint.
Tesla essentially lives within connected services, so it is surprising for the company to make such an amateur mistake. The attackers could have done a lot more damage, but were ultimately more interested in making money than in vandalism.