Turning Jenkins Into a Cryptomining Machine From an Attacker's Perspective
Essential information
- Published: 05/07/2024 15:26
- Modified: 05/07/2024 16:21
- Tags: 2024-07-05 cryptominer groovy language jenkins script console linux
- Related entities: 4 observables, 10 techniques (mitre)
Description
This report analyzes how threat actors can exploit misconfigured Jenkins servers to execute malicious Groovy scripts, leading to activities like deploying cryptocurrency miners. Misconfigurations exposing the /script endpoint allow remote code execution, enabling attackers to run scripts that download and execute miner binaries while maintaining persistence through cron jobs and systemd utilities.
External references
- https://www.trendmicro.com/content/dam/trendmicro/global/en/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-perspective/ioc-turning-jenkins-into-a-cryptomining-machine-from-an-attacker-perspective.txt
- https://www.trendmicro.com/en_us/research/24/g/turning-jenkins-into-a-cryptomining-machine-from-an-attackers-pe.html
- https://otx.alienvault.com/pulse/6688109d6e2eec4cc151dc96