Operation Goldfish Alpha reduces cryptojacking across Southeast Asia by 78%

Interpol and CERT teams from 10 Southeast Asian countries crack down on hacked MikroTik routers.

Interpol announced today the results of Operation Goldfish Alpha, a six-month effort to secure hacked routers across the Southeast Asia region.

In a press conference held today in Singapore, the international law enforcement agency said its efforts resulted in a 78% drop in cryptojacking operations across Southeast Asia, compared to levels recorded in June 2019.

Interpol said the operation got underway after it learned in June that more than 20,000 MikroTik routers had been hacked and that crooks were using them to mine cryptocurrency.

Over the following months, Interpol said it worked closely with the private cyber-security sector and members of national police and Computer Emergency Response Teams (CERTs) from ten local countries (Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Philippines, Singapore, Thailand and Vietnam).

Private sector partners included the Cyber Defense Institute and Trend Micro. The two companies supported Operation Goldfish Alpha through information sharing and analysis of cryptojacking cases and by providing participating countries with guidelines for patching infected routers and advice on preventing future infections.

The National Cyber Security Center of Myanmar also issued a set of good cyber hygiene guidelines for protecting against cryptojacking.

These guides were disseminated to law enforcement and CERT teams, which then contacted infected victims across their respective countries and worked with router owners to secure devices.

"When the operation concluded in late November, the number of infected devices had been reduced by 78 per cent," Interpol officials said today. "Efforts to remove the infections from the remaining devices continue."

Hacking MikroTik routers and injecting crypto-mining scripts has been a popular practice among hackers since the summer of 2018. At the time, hackers used a recently disclosed MikroTik vulnerability to hijack and infect more than 200,000 routers across the world, on which they injected crypto-mining scripts.

In a report last year, Trend Micro said that despite being on a downward trend since early 2018, illegal crypto-mining was the most detected threat in the first half of 2019.
