Thousands of Jenkins Servers Hacked to mine Monero

<div dir="ltr" style="text-align: left;" trbidi="on"> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi30dKMYj2OqNHjon8iwHK-B2-NX3L8DMpuxaf4Uz35m9U95sYLWh6_RvDzVGhuVrhQBYPWzbBpLejYYk90VBl9AMWNMvPogHpX7d3VRjqIr5V0IUmp6dSy7nu3y_d2rB5N5Vmkbf9Pebv8/s1600/JenkinsMinerMalware.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Jenkins-Hacked-to-Mine-Monero" border="0" data-original-height="455" data-original-width="1250" height="232" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi30dKMYj2OqNHjon8iwHK-B2-NX3L8DMpuxaf4Uz35m9U95sYLWh6_RvDzVGhuVrhQBYPWzbBpLejYYk90VBl9AMWNMvPogHpX7d3VRjqIr5V0IUmp6dSy7nu3y_d2rB5N5Vmkbf9Pebv8/s640/JenkinsMinerMalware.png" title="Jenkins-Hacked-to-Mine-Monero" width="640" /></a></div> A hacker group has made over $3 million by breaking into Jenkins servers and installing malware that mines the Monero cryptocurrency.<br /> <br /> Hackers are targeting <a href="http://www.hackerschronicle.com/search/label/Jenkins" target="_blank">Jenkins</a>, a continuous integration/deployment web application built in Java that allows dev teams to run automated tests and execute various operations based on test results, including deploying new code to production servers. Because of this, Jenkins servers are extremely popular with both freelance web developers, but also with large enterprises.<br /> <br /> A cyber security research firm announced it uncovered the footprint of a large hacking operation targeting Jenkins servers left connected to the Internet.<br /> <br /> <b>Hackers using Jenkins RCE flaw</b><br /> Attackers were leveraging <a href="https://jenkins.io/security/advisory/2017-04-26/" target="_blank">CVE-2017-1000353</a>, a vulnerability in the Jenkins Java deserialization implementation that allows attackers to run malicious code remotely without needing to authenticate first. Hackers used this vulnerability to make Jenkins servers download and install a <a href="http://www.hackerschronicle.com/search/label/Monero" target="_blank">Monero </a>miner (minerxmr.exe).<br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGiJBIbSv3T6AcNnIggGFU6KI9Fa7h_RMAkL2X178JZtCNr18o3UaL6pDbIrFHphdQhExL1qczWJZima4L3odaVMSPBcfBENnzYP2UvBu0xMYyf3g12jVpeh5-tHTLbcfz8CFuWHiG5EZ3/s1600/Jenkins-Servers-Hacked.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Jenkins-Servers-Hacked" border="0" data-original-height="438" data-original-width="894" height="312" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGiJBIbSv3T6AcNnIggGFU6KI9Fa7h_RMAkL2X178JZtCNr18o3UaL6pDbIrFHphdQhExL1qczWJZima4L3odaVMSPBcfBENnzYP2UvBu0xMYyf3g12jVpeh5-tHTLbcfz8CFuWHiG5EZ3/s640/Jenkins-Servers-Hacked.png" title="Jenkins-Servers-Hacked" width="640" /></a></div> The miner was being downloaded from an IP address located in <a href="http://www.hackerschronicle.com/search/label/Chinese%20Hackers" target="_blank">China </a>and assigned to the Huaian government network. It is unclear if this is the attacker's server, or a compromised server used to host the miner on behalf of the hackers.<br /> <br /> The attackers have been active for months. This has allowed them to mine and already <b>cash out over 10,800 Monero, which is over $3.4 million</b>, at the time of writing.<br /> <div class="separator" style="clear: both; text-align: center;"> <a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAqpuzY6xKEdjtbSmFtVncj31DDAvoeEG1EWeQhjXtUuETPrbwk2kSmDGOM-LnQyGWO_h9yvUBMqsK8YJ89JXXivyRoJryex7oY0lESJFLvrzSy6GjANkgpdJ_SN23HSFr9OMHvLoQy1vc/s1600/Monero-Mining-Malware.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Monero-Mining-Malware" border="0" data-original-height="475" data-original-width="1175" height="257" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiAqpuzY6xKEdjtbSmFtVncj31DDAvoeEG1EWeQhjXtUuETPrbwk2kSmDGOM-LnQyGWO_h9yvUBMqsK8YJ89JXXivyRoJryex7oY0lESJFLvrzSy6GjANkgpdJ_SN23HSFr9OMHvLoQy1vc/s640/Monero-Mining-Malware.png" title="Monero-Mining-Malware" width="640" /></a></div> Researchers say the group appears to have compromised mostly Jenkins instances running on Windows operating systems.<br /> <br /> <b>Over 25,000 Jenkins servers left exposed online</b><br /> Attackers aren't the only ones who've noticed the large number of Jenkins servers available online. In mid-January, security researcher Mikail Tunç published <a href="https://emtunc.org/blog/01/2018/research-misconfigured-jenkins-servers/" target="_blank">research</a> highlighting that there were over 25,000 Jenkins servers left exposed to Internet connections at the time of his research.<br /> <br /> Also on Friday, Researchers released new research on other hackers leveraging the <b>CVE-2017-10271</b> flaw to infect Oracle WebLogic servers with malware. This vulnerability has been under active exploitation <b>since early December 2017</b>, and one group has already made <b>more than $226,000</b>.<br /> <br /> Besides Jenkins and <b>Oracle WebLogic</b> servers, hackers are also targeting <b>Ruby on Rails, PHP, and IIS </b>servers, also deploying Monero-mining malware.<br /> <br /> Monero-mining malware is already this year's biggest <a href="http://www.hackerschronicle.com/search/label/Malwares" target="_blank">malware trend/problem</a>, with numerous malware distribution campaigns spreading such payloads on any unsecured computer/server crooks can get their hands on.</div>

Cryptocurrency Hacking News Jenkins Malwares Miner Monero News Thousands of Jenkins Servers Hacked to mine Monero

A hacker group has made over $3 million by breaking into Jenkins servers and installing malware that mines the Monero cryptocurrency. Hackers are targeting Jenkins, a continuous integration/deployment web application bu…

Read more »