International law enforcement is investigating an elaborate cryptojacking scheme, including South African IP addresses that may have been part of it.
Cryptojacking is the unauthorised use of someone’s computer to mine cryptocurrency, typically through malware which hides undetected on a victim’s equipment.
The investigation partly relates to exploitation of a critical vulnerability within MikroTik routers, for which a patch is available.
It has identified affected IP addresses in South Africa, and the Directorate for Priority Crime Investigation (DPCI – also known as the Hawks) is now assisting with the investigation.
The Hawks are responsible for combating, investigating and preventing national priority crimes in South Africa, and they encouraged affected South African service providers to report unauthorised access under the Electronic Communications and Transactions Act (ECTA) to the police.
The international law enforcement investigation has also made proposals regarding the issue, including:
- Discussions with ISPs and other authorities to conduct threat mitigation, such as ISP notifications to customers about security measures and a public awareness campaign.
- Informing people about the threat, and applying the vulnerability patch to potentially vulnerable devices.
The Hawks clarified that they are not directly investigating the cryptojacking matter, and are currently only assisting international law enforcement agencies. This may change should cases be laid with the SAPS.