Threat Intelligence Report EclecticIQ Fusion Center Report: Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers
A group of actors hacked into Jenkins servers and installed malware that mines Monero. This operation resulted in the theft of approximately $3 million (USD).
Report from EclecticIQ Fusion Center, dated Wednesday 21 February 2018.
- The hackers exploited the CVE-2017-1000353 vulnerability, known as the Jenkins RCE flaw, which enables an attacker to execute malicious code without the user's knowledge.
- The malware was allegedly downloaded from an IP address located in China and associated with the Huaian government network, which has raised suspicion about the attacker's server.
- Researchers have observed that Jenkins servers running on Windows operating systems are the most targeted by this hacker group.
- Jenkins is heavily targeted by hackers due to its popularity with large companies and freelance web developers.