Cybersecurity researchers have found a new cryptojacking campaign, known as JINX-0132, targeting public DevOps servers to illicitly mine cryptocurrencies. The attackers exploit vulnerabilities and misconfigurations in Docker, Gitea, and HashiCorp Consul and Nomad. Notably, the campaign marks the first known exploitation of Nomad misconfigurations. The use of GitHub repositories for downloading tools make attribution difficult. The hackers have compromised numerous servers, costing tens of thousands of dollars monthly.
A Mini Shai-Hulud Targeting the SAP Ecosystem – GitGuardian Blog
A Mini Shai-Hulud Targeting the SAP Ecosystem GitGuardian Blog
