z0Miner botnet hunts for unpatched ElasticSearch, Jenkins servers
2021-03-09 15:37

A cryptomining botnet spotted last year is now targeting and attempting to take control of Jenkins and ElasticSearch servers to mine for Monero cryptocurrency.

Z0Miner is a cryptomining malware strain spotted in November by the Tencent Security Team, who saw it infecting thousands of servers by exploiting a WebLogic security vulnerability.

Now, the attackers have upgraded the malware to scan for and attempt to infect new devices by exploiting remote command execution vulnerabilities impacting ElasticSearch and Jenkins servers.

According to a report published by researchers at Qihoo 360's Network Security Research Lab, z0Miner is now probing for servers unpatched against vulnerabilities addressed in 2015 and earlier.

The botnet uses exploits targeting an ElasticSearch RCE vulnerability tracked as CVE-2015-1427 and an older RCE impacting Jenkins servers.

The attackers scanned cloud servers in batches to find unpatched WebLogic servers and compromised them by sending "carefully constructed data packets" to exploit the vulnerable devices.


News URL

https://www.bleepingcomputer.com/news/security/z0miner-botnet-hunts-for-unpatched-elasticsearch-jenkins-servers/

Related vendor

| VENDOR | LAST 12M | #/PRODUCTS | LOW | MEDIUM | HIGH | CRITICAL | TOTAL VULNS |
|---|---|---|---|---|---|---|---|
| Jenkins | 637 | | 21 | 1029 | 434 | 72 | 1556 |
| Elasticsearch | 8 | | 0 | 7 | 4 | 0 | 11 |