Another $3M in Monero Mined by Exploiting Jenkins Vulnerability

Another massive exploit, this time using a vulnerability in the Jenkins Java framework, took over corporate servers and has so far mined approximately $3 million in Monero.

The sun rose this morning as usual, water is still wet, and hackers are still mining cryptocurrencies like there’s no tomorrow.

After months of investigation, the folks at cybersecurity group Check Point Software discovered what may prove to be one of the largest illicit Monero mining operations to hit Windows-based servers. According to the researchers, the hackers involved in this particular attack have so far made off with about $3 million in Monero.

The perpetrators availed themselves of an exploit in the Jenkins Java framework to order servers to download a Monero miner and start mining for them.

According to Check Point, the hackers are of Chinese origin. They forced the servers to use the XMRig miner, which has previously been employed for other attacks.

It should be noted at this point that XMRig itself is not malware. Malware authors often take the easy route of using it as the miner that their malware installs on unwitting servers.

“Although the attack is well operated and maintained, and many mining-pools are used to collect the profits out of the infected machines, it seems that the operator uses only one wallet for all deposits and does not change it from one campaign to the next. So far, $3 million has been mined,” the company said in its report.

Since the attack is ongoing, the hackers will continue to profit until the administrators of all affected systems shut down XMRig.

A similar attack was launched earlier this month, with hackers using code that resembles the WannaCry ransomware. They managed to cluster more than 500,000 servers together and make them mine 24 Monero a day, which today would be worth around $7,600.

The profitability of these attacks might encourage more hackers to join the fray, which could, in turn, create problems in corporate systems unless the organizations running them adopt a zero-trust cybersecurity policy.
