Threat Intelligence Report

EclecticIQ Fusion Center Report: Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers

A group of actors hacked into Jenkins servers and installed malware that mines Monero. This operation resulted in the theft of approximately $3 million (USD).

Report from the EclecticIQ Fusion Center, Wednesday 21 February 2018.

Key Findings:

  • The hackers exploited the CVE-2017-1000353 vulnerability, known as the Jenkins RCE flaw, which enables an attacker to execute malicious code without the user's knowledge.
  • The malware was allegedly downloaded from an IP address located in China and associated with the Huaian government network, which has raised suspicion about the attacker's server.
  • Researchers have observed that Jenkins servers running on Windows operating systems are the most targeted by this hacker group.
  • Jenkins is heavily targeted by hackers due to its popularity among large companies and freelance web developers.
