February 19, 2018

$3 Million in Cryptocurrency: Hackers Pull Off “One of Biggest Mining Operations” Ever

Hackers targeting the servers of popular open source Java-based automation program Jenkins CI have secretly mined millions of dollars in cryptocurrency, security researchers have determined.

According to security researchers at Check Point, cybercriminals believed to be of Chinese origin could be behind a new malware campaign dubbed ‘JenkinsMiner’ wherein attacks have exploited a vulnerability to download and install a crypto-miner for the cryptocurrency Monero.

Researchers wrote:

The perpetrator, allegedly of Chinese origin, has been running the XMRig miner on many versions of Windows, and has already secured him over $3 million worth of Monero crypto-currency. As if that wasn’t enough though, he has now upped his game by targeting the powerful Jenkins CI server, giving him the capacity to generate even more coins.

Specifically, the attackers targeted the CVE-2017-1000353 vulnerability in the Jenkins Java deserialization implementation. With it, hackers have been tricking Jenkins servers into downloading and installing a Monero miner via the hybridization of a remote access trojan (RAT) and XMRig miner to target victims around the world.

“With every campaign, the malware has gone through several updates and the mining pool used to transfer the profits is also changed,” researchers added. “Although the attack is well operated and maintained, and many mining-pools are used to collect the profits out of the infected machines, it seems that the operator uses only one wallet for all deposits and does not change it from one campaign to the next.”

Deeming it “one of the biggest malicious mining operations ever seen,” Check Point researchers estimated that the hackers have mined and cashed out some 10,800 Monero, approximately $3.3 million, in the JenkinsMiner campaign over the past 18 months by targeting various versions of Windows.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
