Who Was Responsible For Hacking Both IBM & Stanford University?

The threat detection experts at CloudSEK have used their XVigil Artificial Intelligence (AI) platform to identify a post made to a cyber crime forum, where a threat actor has taken credit for hacking exploits.

In a website post, the company's researchers describe how an open source automation server platform known as 'Jenkins' is one of the channels used by an as yet unidentified threat actor in attacks against both IBM and Stanford University. The post contained a sample screenshot as proof of their claimed access to a Jenkins dashboard.

According to CloudSEK, the hackers aim to deliver a module containing hidden desktop takeover capabilities by exploiting clicks on seemingly innocuous advertisements posted on the Internet.

CloudSEK say that the Jenkins dashboard bypass contains internal hosts and scripts, in addition to database credentials and logins. On the same forum, CloudSEK found that the actor admitted to targeting IBM, particularly via internal administrators’ scripts and firewall configurations. Then, a private script is deployed to conduct fuzzing and obtain vulnerable instances that are then exploited.

According to further posts, the hacker says they also targeted IBM and claimed responsibility for hacking Jozef Safarik University in Slovakia and Stanford University.

Cyber security researchers claim that modules such as Jenkins can be used to deliver sophisticated ransomware attacks, making them particularly dangerous. Reports from XVigil suggested government access to the domains was discovered from multiple countries, including Ukraine, United Arab Emirates, Pakistan and Nepal.

CloudSEK researchers say they expect this malicious campaign to ramp up bot infection attempts.

CloudSEK:   TEISS:      Oodaloop:     Infosecurity Magazine:     IT Security Guru:    The Cybersecurity:     Inside
