A crypto-mining botnet was found running on a web server belonging to the US Department of Defense (DOD). After discovering it, Indian security researcher Nitesh Surana reported the issue to DOD through its official bug bounty program. According to the report, one of DOD's Jenkins servers was infected by the crypto-mining botnet.
Full access to the Jenkins server was open to everyone
The bug report concerned a misconfigured Jenkins automation server. The server ran on AWS (Amazon Web Services) and was connected to a DOD domain.
Nitesh Surana says that complete access to the Jenkins server was open to everyone: no login credentials were needed to reach the Jenkins interface, and even the filesystem could be browsed. According to the researcher, part of the Jenkins installation's script folder was also accessible to everyone; this is the folder where users upload their content and files.
He said that an attacker could upload malicious files into this folder and plant a backdoor there, and warned DOD that by doing so the attacker could take control of the Jenkins server.
Researcher claims the server was already hacked before his report
The bug hunter informed the Department of Defense (DOD) that the Jenkins server had already been compromised before he discovered it. He found this out while re-checking his findings.
While tracking down the clues, Nitesh Surana discovered a malware operation that specialized in hacking cloud servers and installing Monero-mining malware. The crypto-mining botnet used a Monero wallet address to collect funds, so ZDNet tried to find this address. Google results showed only tens of mentions of it.
The XMRHunter service also showed that this Monero address held almost 35.4 Monero coins, so it could not be confirmed that the botnet operation was actually being run through this address.
DOD's official bug bounty program
The US Department of Defense (DOD) has been running an official bug bounty program on the HackerOne platform for many years. The bug hunter used this platform to inform DOD about the crypto-mining botnet.
The Indian security researcher also said that this case was made public, and revealed that he was not given any reward for this report.