Cybersecurity researchers have uncovered a hacking campaign exploiting misconfigured DevOps tools like HashiCorp Nomad, Consul, Docker APIs, and Gitea to deploy Monero cryptocurrency miners. The attackers utilize publicly available tools and avoid traditional identifiers, making detection difficult.
Key points
- The malicious campaign targets misconfigured DevOps infrastructures to mine cryptocurrency.
- Attackers exploit default or weak configurations in Nomad, Consul, Docker, and Gitea for remote code execution.
- The Monero miner is delivered via open-source tools downloaded directly from GitHub repositories.
- Approximately 5% of cloud environments expose these DevOps tools directly to the internet, increasing risk.
- Wiz recommends securing Nomad and Consul with ACLs, patching Gitea, and disabling open Docker APIs to prevent abuse.
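A configuration audit for the settings named in the last key point, added here as an example and not taken from Wiz or the linked article. It assumes the Docker `daemon.json` and the Nomad and Consul agent configs are available in JSON form; the sample configs are constructed, and Gitea patch levels are not checked.

```python
import json

# Constructed sample configs (JSON form), not taken from any real deployment.
SAMPLES = {
    "docker": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
    "nomad": '{"acl": {"enabled": false}}',
    "consul": '{"acl": {"enabled": true, "default_policy": "allow"}}',
}
HARDENED = {
    "docker": '{"hosts": ["unix:///var/run/docker.sock"]}',
    "nomad": '{"acl": {"enabled": true}}',
    "consul": '{"acl": {"enabled": true, "default_policy": "deny"}}',
}

def _acl(cfg):
    # JSON converted from HCL may wrap a block in a one-element list.
    acl = cfg.get("acl") or {}
    return acl[0] if isinstance(acl, list) else acl

def audit_docker(cfg):
    # Any TCP listener without mutual TLS lets a network peer drive the daemon.
    tls = cfg.get("tlsverify") is True
    return [f"docker: API on {h} without tlsverify"
            for h in cfg.get("hosts", [])
            if h.startswith("tcp://") and not tls]

def audit_nomad(cfg):
    return [] if _acl(cfg).get("enabled") is True else ["nomad: ACLs not enabled"]

def audit_consul(cfg):
    acl = _acl(cfg)
    if acl.get("enabled") is not True:
        return ["consul: ACLs not enabled"]
    # Consul's default_policy is "allow" unless it is set explicitly.
    if acl.get("default_policy", "allow") != "deny":
        return ["consul: ACL default_policy is not deny"]
    return []

AUDITORS = {"docker": audit_docker, "nomad": audit_nomad, "consul": audit_consul}

def audit(configs):
    """Return findings for a {tool: json_text} mapping, in input order."""
    findings = []
    for tool, text in configs.items():
        findings += AUDITORS[tool](json.loads(text))
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print("FINDING", line)
```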
Read More: https://www.securityweek.com/cryptojackers-caught-mining-monero-via-exposed-devops-infrastructure/