Who Was Responsible For Hacking Both IBM & Stanford University?

Uploaded on 2022-07-11 in TECHNOLOGY--Hackers, FREE TO VIEW

The threat detection experts at CloudSEK have used their XVigil Artificial Intelligence (AI) platform to identify a post made to a cyber crime forum, where a threat actor has taken credit for hacking exploits.

In a website post the company researchers describe how  an open source automation server platform known as 'Jenkins' is one of the channels used by an as yet unidentified  threat actor in attacks against both IBM and Stanford University. The post contained a sample screenshot as proof of their claimed access to a Jenkins dashboard. 

According to CloudSEK,  the hackers aim to deliver a module containing hidden desktop takeover capabilities by exploiting clicks on seeming innocuous advertisements posted on the Internet. 

CloudSEK say that the Jenkins dashboard bypass contains internal hosts and scripts, in addition to database credentials and logins. On the same forum, CloudSEK found that the actor admitted to targeting IBM, particularly via internal administrators’ scrips and firewall configurations. Then, a private script is deployed to conduct fuzzing and obtain vulnerable instances that are then exploited. 

According to further posts, the hacker say they also targeted IBM and claimed responsibility for hacking Jozef Safarik University in Slovakia and Stanford University.

Cyber security researchers claim that modules such as Jenkins can be used to deliver sophisticated ransomware attacks, making them particularly dangerous. Reports from XVigil suggested government access to the domains was discovered from multiple countries, including Ukraine, United Arab Emirates, Pakistan and Nepal.

CloudSEK researchers say they expect this malicious campaign to ramp up bot infection attempts.

CloudSEK:   TEISS:      Oodaloop:     Infosecurity Magazine:     IT Security Guru:    The Cybersecurity:     Inside

You Might Also Read: 

Lapsus$ Hackers Targeted T-Mobile:
 

« How Do You Solve A Problem Like The Cyber Security Skills Gap?
History Of Cyber Crime - Part 3 - Overview »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Celestya

Celestya

Celestya is dedicated to providing the most advanced and cost effective systems for human behavior education on cybersecurity awareness training.

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center (MCC)

Maritime Cybersecurity Center is a not-for-profit organization focused on regional cybersecurity excellence and readiness, with a special emphasis on the maritime community.

Global Security Network (GSN)

Global Security Network (GSN)

GSN focuses on specialized IT Security solutions & services for the military, law enforcement, critical infrastructure and oil & gas sectors in the Middle East.

Romanian Association for Information Security Assurance (RAISA)

Romanian Association for Information Security Assurance (RAISA)

RAISA promotes and supports information security activities and creates a community for the exchange of knowledge between specialists, academic and corporate environment in Romania.

Excelsecu Data Technology

Excelsecu Data Technology

Excelsecu is a global solution provider of online identity authentication, widely applied in banks, government bodies and enterprises.

National Cybersecurity Student Association (NCSA)

National Cybersecurity Student Association (NCSA)

The National Cybersecurity Student Association is a one-stop-shop to enhance the educational and professional development of cybersecurity students through activities, networking and collaboration.

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

BluBracket

BluBracket

BluBracket is the first comprehensive security solution that makes code safe—so developers can innovate and collaborate, and security teams can sleep at night.

LGMS - LE Global Services

LGMS - LE Global Services

LGMS is a leading cyber security penetration testing and assessment firm in the Asia Pacific region.

Slamm Technologies

Slamm Technologies

Slamm Technologies is a trusted IT firm that offers Cyber Security Support, Corporate IT Solutions and Professional IT Training courses with international certification.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

Chainguard

Chainguard

Founded by the industry's leading experts on open source software, security and cloud native development, Chainguard are on a mission to make the software supply chain secure by default.

Eqlipse Technologies

Eqlipse Technologies

Eqlipse Technologies provides products and high-end engineering solutions to customers in the Department of Defense and Intelligence Community.

Certcube Labs

Certcube Labs

Certcube Labs provide a broad range of services in the areas of Assessments, Development, Risk Advisory, Blockchain, Forensics Investigations, Managed Security Solutions, and IT Security Trainings.

Ultima

Ultima

Ultima are on a mission to help businesses unlock their true potential by using the right IT to protect your company’s revenue and reputation – 24/7.

Neosoft

Neosoft

Néosoft is an independent digital transformation consulting group with expertise in Consulting & Agility, Cybersecurity, Data, DevOps, Infrastructure & Cloud and Software Engineering.