PANews June 4 news, according to The Register, security company Wiz discovered that a hacker organization codenamed JINX-0132 is massively exploiting configuration vulnerabilities in DevOps tools for cryptocurrency mining attacks. The attack primarily targets tools such as HashiCorp Nomad/Consul, Docker API, and Gitea, with approximately 25% of cloud environments at risk. Attack methods include: deploying XMRig mining software using Nomad's default configuration, executing malicious scripts through Consul's unauthorized API, and controlling exposed Docker API to create mining containers. Wiz data shows that 5% of DevOps tools are directly exposed to the public internet, with 30% having configuration flaws. The security team recommends that users promptly update software, disable unnecessary features, and restrict API access permissions.
This attack once again highlights the importance of configuration management in cloud environments. HashiCorp's official documentation had previously warned of related risks, but many users have still not enabled basic security features. Experts emphasize that simple configuration adjustments can block most automated attacks.
