Hackers exploit public DevOps tools for cryptocurrency mining attacks

ChainCatcher message, security company Wiz has discovered that a hacker organization codenamed JINX-0132 is massively exploiting configuration vulnerabilities in DevOps tools for cryptocurrency mining attacks. The attack primarily targets tools such as HashiCorp Nomad/Consul, Docker API, and Gitea, with approximately 25% of cloud environments at risk. The attack methods include: deploying XMRig mining software using Nomad's default configuration, executing malicious scripts through Consul's unauthorized API, and controlling exposed Docker API to create mining containers.