Home Internet Security Jenkins project’s Confluence server hacked to mine Monero

Jenkins project’s Confluence server hacked to mine Monero


Jenkins project's Confluence server hacked to mine Monero

Hackers exploiting the not too long ago disclosed Atlassian Confluence distant code execution vulnerability breached an inside server from the Jenkins challenge.

Whereas the assault is regarding as a result of Jenkins is a well-liked open-source server for automating elements of software program growth, there is no such thing as a purpose that the challenge releases, plugins, or code have been impacted.

Admins are being cautious

As BleepingComputer reported final week, after the proof-of-concept exploit code for CVE-2021-26084 grew to become public, menace actors began to scan for weak Atlassian Confluence cases to put in cryptocurrency miners.

Whereas many attackers used the exploit to put in the open-source, cross-platform XMRig Monero cryptocurrency miner, they might additionally leverage the vulnerability for extra damaging assaults.

Final week, directors of the Jenkins challenge found that one among their deprecated Confluence server fell sufferer to one among these assaults.

“Up to now in our investigation, we’ve realized that the Confluence CVE-2021-26084 exploit was used to put in what we consider was a Monero miner within the container operating the service. From there an attacker wouldn’t have the ability to entry a lot of our different infrastructure” – Mark Waite, Jenkins Documentation Officer

Though there is no such thing as a proof suggesting that the attacker stole developer credentials, Jenkins challenge managers are being cautious and have reset passwords for all accounts within the built-in identification system that additionally included the deprecated Confluence service.

The admins additionally mentioned that they “are taking actions to forestall releases right now till we re-establish a series of belief with our developer neighborhood.” The affected Confluence service is now not energetic and privileged credentials have been rotated.

CVE-2021-26084 is a distant code execution vulnerability in Atlassian Confluence that may be exploited with out authentication. Information about it emerged on August 25, when the corporate printed a safety advisory.

A couple of week later, technical particulars grew to become publicly obtainable together with proof-of-concept exploit code. Risk actors began leveraging so closely that the U.S. Cyber Command (USCYBERCOM) issued a warning about mass exploitation.


Source link