
Hackers hijacked traffic through Amazon servers for two hours, undetected

The event, which lasted only about two hours on Tuesday, April 24, saw traffic to Amazon’s cloud web hosting servers redirected to malicious websites. Not all of the traffic was affected, just a small slice of it, about 1,300 IP addresses, according to Oracle. Traffic to MyEtherWallet was redirected to a malicious version of the site, where the attackers could siphon cryptocurrency from users who thought they were logging into their cryptocurrency wallets.

One such site, MyEtherWallet, was cloned by attackers but likely didn’t result in the kind of massive theft we’re used to seeing when cryptocurrency wallets or exchanges are attacked. According to Ars Technica, the cryptocurrency wallet into which the fake MyEtherWallet site was dumping its cryptocurrency already had about $27 million worth of cryptocurrency in it.

Details like this have led some to believe the attack could have been state-sponsored, potentially with ties to Russia.

“So far the only known website to have traffic redirected was to MyEtherWallet.com, a cryptocurrency website. This traffic was redirected to a server hosted in Russia, which served the website using a fake certificate — they also stole the cryptocoins of customers,” wrote security researcher Kevin Beaumont. “The attacks only gained a relatively small amount of currency from MyEtherWallet.com — however their wallets in total already contained over [20 million pounds] of currency. Whoever the attackers were are not poor.”

It may not have been the first time these hackers have staged such an attack either, according to Ars. There were a couple of suspiciously similar attacks in 2013, when hackers hijacked internet traffic to a number of U.S. companies, routing the traffic through Russian ISPs. Affected companies included Visa, MasterCard, Apple, and Symantec. Eight months later, another set of U.S. companies saw their traffic hijacked with the same kind of exploit.

These 2013 attacks used the same “border gateway protocol” exploit as today’s attack. Beaumont elaborated that today’s attack requires access to sophisticated equipment, which leads him to believe MyEtherWallet was not likely the only target — just the one we happened to notice.

“Mounting an attack of this scale requires access to BGP routers at major ISPs and real computing resource to deal with so much DNS traffic. It seems unlikely MyEtherWallet.com was the only target, when they had such levels of access,” Beaumont wrote. “Additionally, the attackers failed to obtain an SSL certificate while man-in-the-middle attacking the traffic — a very easy process — which alerted people to the issue at scale.”

Jayce Wagner
Former Digital Trends Contributor
A staff writer for the Computing section, Jayce covers a little bit of everything -- hardware, gaming, and occasionally VR.