A hacker group has made over $3 million by breaking into Jenkins servers and installing malware that mines the Monero cryptocurrency.
Hackers are targeting Jenkins, a continuous integration/deployment web application built in Java that allows dev teams to run automated tests and execute various operations based on test results, including deploying new code to production servers. Because of this, Jenkins servers are extremely popular with both freelance web developers and large enterprises.
On Friday, Israeli security firm Check Point announced it uncovered the footprint of a large hacking operation targeting Jenkins servers left connected to the Internet.
Hackers using Jenkins RCE flaw
Attackers were leveraging CVE-2017-1000353, a vulnerability in the Jenkins Java deserialization implementation that allows attackers to run malicious code remotely without needing to authenticate first.
Check Point says hackers used this vulnerability to make Jenkins servers download and install a Monero miner (minerxmr.exe).
The miner was being downloaded from an IP address located in China and assigned to the Huaian government network. It is unclear if this is the attacker's server, or a compromised server used to host the miner on behalf of the hackers.
The attackers have been active for months. This has allowed them to mine and already cash out over 10,800 Monero, which is over $3.4 million, at the time of writing.