Threat actors are compromising cloud accounts in order to create distributed workloads for cryptomining. The attacks should be a warning sign to companies that their security controls are not working well in the cloud. Access-as-a-service groups, for example, will often use compromised cloud accounts to run cryptominers or generate DDoS attacks as a way to generate extra income. Attackers are playing a criminal game of capturing the flag in your infrastructure, says Aqua Security’s Mor Weinberger.”]
Source: https://www.darkreading.com/cloud/attackers-fighting-over-cloud-workloads-for-cryptomining