Bug Hunter Nitesh Surana Discovers Crypto-mining Botnet Inside a Web Server of US DOD
Nitesh Surana, an Indian security researcher and bug hunter, found a crypto-mining botnet on the network of the US Department of Defense (DOD).
The botnet was residing on a DOD web server. After discovering it, Surana reported the issue to DOD through its official bug bounty program. According to the report, one of DOD's Jenkins servers was infected by the crypto-mining botnet.
Full access to Jenkins server was open to everyone
The bug report concerned a misconfigured Jenkins automation server. The server runs on AWS (Amazon Web Services) and is connected with the DOD domain.
Nitesh Surana says that complete access to the Jenkins server was open to everyone. No login credentials were needed to reach the Jenkins server, and access to the filesystem was also possible. According to the security researcher, a part of Jenkins' installation/script folder was also available to everyone. This is the folder where users upload their content and files.
He said that an attacker could install a backdoor in this folder and upload malicious files to it. He warned DOD that by doing so, the attacker could take control of the Jenkins server.
Researcher claims Server was already hacked before his report
The bug hunter informed the Department of Defense (DOD) that the Jenkins server had already been hacked before he discovered it. He learned this while re-checking his findings.
While tracking down the clues, Nitesh Surana discovered a malware operation that specializes in hacking cloud servers and installing Monero-mining malware. This crypto-mining botnet used a Monero wallet address to collect funds, so ZDNet tried to find this address. According to Google results, there were tens of mentions of this address.
The XMRHunter service also showed that this Monero address held almost 35.4 Monero coins. So, it was unlikely to confirm that this botnet operation was being operated on this address.
Official bug bounty program of DOD
The US Department of Defense (DOD) has been hosting and running an official bug bounty program on the HackerOne platform for many years. The bug hunter used this bug bounty platform to inform DOD about this crypto-mining botnet.
https://twitter.com/DC3VDP/status/1223260093355044865
The Indian security researcher also said that this case was made public, and revealed that he was not given any reward for this report.