
Cryptomining indicating infection or resource abuse

ID: cryptomining
Data type: DNS, IP, HTTP
Severity: High
MITRE ATT&CK: TA0040:T1496

Description

AlphaSOC detected network traffic to a known cryptocurrency mining pool destination. This activity indicates that cryptocurrency mining software may be operating within the network. Cryptocurrency mining consumes significant computational resources and can be a sign of compromised systems being exploited for financial gain. Threat actors often deploy crypto miners on compromised hosts to monetize their access while remaining undetected.

Impact

Unauthorized cryptocurrency mining can degrade system and network performance, reduce productivity, and increase energy costs.

Severity

Severity | Condition
High     | Cryptomining traffic

Investigation and Remediation

Identify the source of the mining activity, including affected systems and processes. Terminate the mining processes, remove the software, and conduct a thorough security assessment of the affected systems.

Known False Positives

  • Network traffic to domains that share infrastructure with known mining pools but serve different purposes
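As an added illustration (not AlphaSOC's code) of the detection described above and of the false positive listed here, the following example matches constructed DNS, IP and HTTP records against a placeholder mining-pool indicator set, suppresses a domain known to share infrastructure with a pool, and emits alerts carrying this page's ID, severity and ATT&CK mapping. All domains and addresses are constructed placeholders.

```python
# Added example (not AlphaSOC's own detector): minimal "cryptomining" alerting
# over constructed DNS/IP/HTTP telemetry with a shared-infrastructure suppression.
from dataclasses import dataclass

# Constructed placeholder indicators; a real deployment loads these from intel feeds.
MINING_POOL_DOMAINS = {"pool.miner-example.test", "stratum.miner-example.test"}
MINING_POOL_IPS = {"203.0.113.10"}  # TEST-NET-3 placeholder, not a real pool
# Known false positive: shares infrastructure with a pool but serves another purpose.
SUPPRESSED_DOMAINS = {"cdn.shared-host.test"}

@dataclass
class Alert:
    alert_id: str   # "cryptomining"
    severity: str   # "High"
    technique: str  # MITRE ATT&CK tactic:technique
    src: str        # internal host that generated the traffic
    evidence: str   # "<data type>:<destination>"

def _domain_matches(name: str) -> bool:
    """True if name is a listed mining-pool domain or a subdomain of one."""
    name = name.lower().rstrip(".")
    if name in SUPPRESSED_DOMAINS:
        return False
    return any(name == d or name.endswith("." + d) for d in MINING_POOL_DOMAINS)

def detect_cryptomining(records: list[dict]) -> list[Alert]:
    """Each record: {"type": "dns"|"ip"|"http", "src": host, "dst": name or IP}."""
    alerts = []
    for r in records:
        if r["type"] in ("dns", "http"):
            hit = _domain_matches(r["dst"])
        elif r["type"] == "ip":
            hit = r["dst"] in MINING_POOL_IPS
        else:
            hit = False
        if hit:
            alerts.append(Alert("cryptomining", "High", "TA0040:T1496",
                                r["src"], f'{r["type"]}:{r["dst"]}'))
    return alerts

# Constructed sample telemetry: one host resolves and connects to a pool,
# one host touches the suppressed shared domain, one is benign.
SAMPLE = [
    {"type": "dns", "src": "10.0.0.5", "dst": "eu1.pool.miner-example.test"},
    {"type": "dns", "src": "10.0.0.6", "dst": "cdn.shared-host.test"},
    {"type": "ip", "src": "10.0.0.5", "dst": "203.0.113.10"},
    {"type": "http", "src": "10.0.0.7", "dst": "www.example.com"},
]

if __name__ == "__main__":
    for alert in detect_cryptomining(SAMPLE):
        print(alert)
```

Only host 10.0.0.5 is alerted on: the subdomain lookup and the direct IP connection both match, while the shared-infrastructure domain is suppressed.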