Bug hunter finds cryptocurrency-mining botnet on DOD network
Last month, a security researcher who was searching for bugs as part of a bounty program discovered a cryptocurrency mining botnet inside a web server operated by the US Department of Defense. The researcher, Nitesh Surana, reported the bug through the DOD's official bug bounty program. The report initially concerned a misconfigured Jenkins automation server running on an AWS instance associated with the domain, but Surana later discovered that anyone could access the Jenkins server without login credentials.
Surana obtained full access, including access to the filesystem. He also reported that the /script path of the Jenkins installation was open for anyone to access. Although the DOD secured the vulnerable site, Surana revisited his discovery and found that the Jenkins server had already been compromised. Surana then found the cryptocurrency mining botnet, which held approximately $2,700 at the time; however, it is unclear how much value the miner held at any given point between its installation and discovery.
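The root cause described above is a Jenkins instance that required no login. The following Jenkins init script is an added example, not code from the article or from the DOD's deployment; placed in $JENKINS_HOME/init.groovy.d/ it enables a local user database and refuses anonymous access, which also closes the /script console to unauthenticated visitors. The environment variable names JENKINS_ADMIN_USER and JENKINS_ADMIN_PASSWORD are assumptions.

```groovy
// Added example (not from the article): Jenkins init script that turns on
// authentication and denies anonymous access to the whole instance,
// including the /script console.
import jenkins.model.Jenkins
import hudson.security.HudsonPrivateSecurityRealm
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy

def jenkins = Jenkins.get()

// Local user database; the 'false' argument disables self-signup, so
// visitors cannot create their own accounts.
def realm = new HudsonPrivateSecurityRealm(false)

// Assumption: initial admin credentials are supplied via environment
// variables rather than hard-coded in the script.
def adminUser = System.getenv("JENKINS_ADMIN_USER") ?: "admin"
def adminPass = System.getenv("JENKINS_ADMIN_PASSWORD")
if (adminPass == null || adminPass.isEmpty()) {
    throw new IllegalStateException("JENKINS_ADMIN_PASSWORD must be set")
}
realm.createAccount(adminUser, adminPass)
jenkins.setSecurityRealm(realm)

// Authenticated users get full control; anonymous read is explicitly off,
// so unauthenticated requests to the UI, API and /script are refused.
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
jenkins.setAuthorizationStrategy(strategy)

jenkins.save()
```

After a restart, an unauthenticated request to /script should be redirected to the login page rather than returning the console; verifying that from outside the host is the quick check for this misconfiguration.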