silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,151
In a status page, the Ghost developer team said they detected an intrusion into their backend infrastructure systems at around 1:30am UTC.
Ghost devs said the hackers used CVE-2020-11651 (an authentication bypass) and CVE-2020-11652 (a directory traversal) to take control over its Salt master server.
The blogging company said that while hackers had access to the Ghost(Pro) sites and Ghost.org billing services, they didn't steal any financial information or user credentials.
Instead, Ghost said the hackers installed a cryptocurrency miner."The mining attempt spiked CPUs and quickly overloaded most of our systems, which alerted us to the issue immediately," Ghost developers said.
Ghost devs took down all servers, patched systems, and redeployed everything online after a few hours.