Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub

TL;DR

A new cryptojacking campaign is targeting DevOps web servers, exploiting known misconfigurations to mine cryptocurrencies. This campaign, dubbed JINX-0132 by cloud security firm Wiz, leverages off-the-shelf tools from GitHub to carry out its attacks.

Main Content

Cybersecurity researchers have uncovered a sophisticated cryptojacking campaign targeting publicly accessible DevOps web servers. This campaign, monitored by cloud security firm Wiz under the name JINX-0132, exploits a range of known misconfigurations in popular DevOps tools such as Docker, Gitea, and HashiCorp Consul and Nomad. The attackers utilize off-the-shelf tools readily available on GitHub to illicitly mine cryptocurrencies [1].

Targeted DevOps Tools

The campaign primarily targets the following DevOps tools:

  • Docker: A popular platform for developing, shipping, and running applications in containers.
  • Gitea: A community-driven, lightweight code hosting solution written in Go.
  • HashiCorp Consul and Nomad: Tools for service mesh and workload orchestration, respectively.

Exploitation Methods

The attackers behind JINX-0132 exploit known misconfigurations in these tools to gain unauthorized access. Once access is obtained, they deploy cryptojacking scripts to mine cryptocurrencies using the server’s resources. This not only compromises the security of the DevOps environment but also leads to increased resource consumption and potential performance degradation [2].

Mitigation Strategies

To protect against such cryptojacking campaigns, organizations should implement the following best practices:

  • Regular Security Audits: Conduct frequent security audits to identify and rectify misconfigurations.
  • Access Control: Enforce strict access control policies to limit unauthorized access.
  • Monitoring and Alerts: Implement robust monitoring and alerting systems to detect unusual activity.
  • Patch Management: Ensure that all DevOps tools are up-to-date with the latest security patches.
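
An added example, not from the original post or from Wiz: a minimal configuration audit for the four tools named above. The post does not list the specific misconfigurations, so the settings checked here (Docker `hosts`/`tlsverify`, Consul `enable_script_checks` and ACLs, Nomad ACLs, Gitea `INSTALL_LOCK`) are assumptions chosen as commonly documented insecure settings, and the sample configs are constructed.

```python
import configparser
import json
import re

# Constructed sample configs (not from any real host). Which settings count as
# a "misconfiguration" is an assumption of this example, not taken from the post.
SAMPLES = {
    "docker": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
    "consul": '{"enable_script_checks": true, "acl": {"enabled": false}}',
    "nomad": 'bind_addr = "0.0.0.0"\nacl {\n  enabled = false\n}\n',
    "gitea": "APP_NAME = demo\n[security]\nINSTALL_LOCK = false\n",
}

def audit_docker(text):
    cfg = json.loads(text)  # daemon.json
    tcp = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if tcp and not cfg.get("tlsverify", False):
        return [f"Docker API on {', '.join(tcp)} without tlsverify"]
    return []

def audit_consul(text):
    cfg, out = json.loads(text), []  # JSON-format agent config
    if cfg.get("enable_script_checks"):
        out.append("Consul enable_script_checks is on; prefer enable_local_script_checks")
    if not cfg.get("acl", {}).get("enabled", False):
        out.append("Consul ACLs are not enabled")
    return out

def audit_nomad(text):
    # Minimal HCL handling: look for `enabled = true` inside an acl block.
    m = re.search(r"\bacl\s*\{([^}]*)\}", text)
    ok = m and re.search(r"\benabled\s*=\s*true\b", m.group(1))
    return [] if ok else ["Nomad ACLs are not enabled"]

def audit_gitea(text):
    ini = configparser.ConfigParser()
    ini.read_string("[DEFAULT]\n" + text)  # app.ini has keys before any section
    locked = ini.getboolean("security", "INSTALL_LOCK", fallback=False)
    return [] if locked else ["Gitea INSTALL_LOCK is false (install page reachable)"]

AUDITORS = {"docker": audit_docker, "consul": audit_consul,
            "nomad": audit_nomad, "gitea": audit_gitea}

def audit_all(configs):
    return {tool: AUDITORS[tool](text) for tool, text in configs.items()}

if __name__ == "__main__":
    for tool, findings in audit_all(SAMPLES).items():
        print(tool, findings)
```
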

Conclusion

The JINX-0132 cryptojacking campaign highlights the importance of maintaining secure configurations in DevOps environments. By exploiting known vulnerabilities, attackers can compromise servers and use them for illicit cryptocurrency mining. Organizations must stay vigilant and adopt proactive security measures to safeguard their infrastructure against such threats.

References

  1. The Hacker News (2025). “Cryptojacking Campaign Exploits DevOps APIs Using Off-the-Shelf Tools from GitHub”. The Hacker News. Retrieved 2025-06-02.

  2. Wiz (2025). “JINX-0132 Cryptojacking Campaign”. Wiz. Retrieved 2025-06-02.

This post is licensed under CC BY 4.0 by the author.