Threat Intelligence Report

EclecticIQ Fusion Center Report: Hacker Group Makes $3 Million by Installing Monero Miners on Jenkins Servers (English)

A group of actors hacked into Jenkins servers and installed malware that mines Monero. This operation resulted in the theft of approximately $3 million (USD).

Report from EclecticIQ Fusion Center, dated Wednesday 21 February 2018.

Key Findings:

  • The hackers exploited the CVE-2017-1000353 vulnerability, known as the Jenkins RCE flaw, which enables an attacker to execute malicious code without the user's knowledge.
  • The malware was allegedly downloaded from an IP address located in China and associated with the Huaian government network, which has raised suspicion about the attacker's server.
  • Researchers have observed that Jenkins servers running on Windows operating systems are the most targeted by this hacker group.
  • Jenkins is heavily targeted by hackers due to its popularity within large companies and among freelance web developers.

About EclecticIQ

EclecticIQ develops analyst-centric products that align our clients’ cybersecurity focus with their threat reality. The result is intelligence-led security, improved detection, prevention, and response.

EclecticIQ Fusion Center

EclecticIQ Fusion Center delivers thematic intelligence bundles, providing a single curated source of relevant CTI from leading suppliers, all in a single contract.