Who Was Responsible For Hacking Both IBM & Stanford University?

Uploaded on 2022-07-11 in TECHNOLOGY--Hackers, FREE TO VIEW

The threat detection experts at CloudSEK have used their XVigil Artificial Intelligence (AI) platform to identify a post made to a cyber crime forum, where a threat actor has taken credit for hacking exploits.

In a website post the company researchers describe how  an open source automation server platform known as 'Jenkins' is one of the channels used by an as yet unidentified  threat actor in attacks against both IBM and Stanford University. The post contained a sample screenshot as proof of their claimed access to a Jenkins dashboard. 

According to CloudSEK,  the hackers aim to deliver a module containing hidden desktop takeover capabilities by exploiting clicks on seeming innocuous advertisements posted on the Internet. 

CloudSEK say that the Jenkins dashboard bypass contains internal hosts and scripts, in addition to database credentials and logins. On the same forum, CloudSEK found that the actor admitted to targeting IBM, particularly via internal administrators’ scrips and firewall configurations. Then, a private script is deployed to conduct fuzzing and obtain vulnerable instances that are then exploited. 

According to further posts, the hacker say they also targeted IBM and claimed responsibility for hacking Jozef Safarik University in Slovakia and Stanford University.

Cyber security researchers claim that modules such as Jenkins can be used to deliver sophisticated ransomware attacks, making them particularly dangerous. Reports from XVigil suggested government access to the domains was discovered from multiple countries, including Ukraine, United Arab Emirates, Pakistan and Nepal.

CloudSEK researchers say they expect this malicious campaign to ramp up bot infection attempts.

CloudSEK:   TEISS:      Oodaloop:     Infosecurity Magazine:     IT Security Guru:    The Cybersecurity:     Inside

You Might Also Read: 

Lapsus$ Hackers Targeted T-Mobile:
 

« How Do You Solve A Problem Like The Cyber Security Skills Gap?
History Of Cyber Crime - Part 3 - Overview »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

NuHarbor Security

NuHarbor Security

NuHarbor is a leading information security consulting and advisory firm specializing in Information Security, Compliance, and Risk Management.

Council of European Professional Informatics Societies (CEPIS)

Council of European Professional Informatics Societies (CEPIS)

CEPIS is the representative body of national informatics associations throughout Europe and represent over 450,000 ICT and informatics professionals in 32 countries.

Mako Group

Mako Group

The Mako Group specializes in protection - providing security through auditing, testing, and assessments. And, we do it all with the highest quality standards possible.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

Resource Centre for Cyber Forensics (RCCF)

Resource Centre for Cyber Forensics (RCCF)

RCCF is a pioneering institute, pursuing research activities in the area of Cyber Forensics.

7 Elements

7 Elements

7 Elements is an independent IT security testing company providing expertise in technical information assurance through security testing, incident response and consultancy.

Expel

Expel

Expel provide transparent managed security services, 24x7 detection, response and resilience.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Nineteen Group

Nineteen Group

Nineteen Group delivers major-scale exhibitions within the security, fire, emergency services, health and safety, facilities management and maintenance engineering sectors.

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

National Institute for Research & Development in Informatics (ICI Bucharest) - Romania

ICI Bucharest is the most important institute in the field of research, development and innovation in information and communication technology (ICT) in Romania.

OpenAVN (DefenseArk)

OpenAVN (DefenseArk)

Defending your life online, keeping your data safe and private. We detect digital threats magnitudes faster than the leading antivirus software.

CCX Technologies

CCX Technologies

CCX Technologies design and develop a wide range of cybersecurity and testing solutions for the aviation, and military and government markets.

Supra ITS

Supra ITS

Supra ITS is a leading full-service technology partner offering IT Consulting, Cloud Services, 24x7 Managed IT & Cybersecurity Services, and IT Project Support.

Synersoft BLACKbox

Synersoft BLACKbox

Synersoft, the maker of path-breaking and disruptive technology for SMEs, now branded as BLACKbox, is an incubated and invested portfolio company of CIIE - IIM-Ahmedabad.

Krash Consulting

Krash Consulting

Krash Consulting is a premier provider of Cyber Security solutions, offering a range of services to safeguard businesses against cyber-attacks, minimize fraud, and protect brand reputation globally.

CommScope

CommScope

CommScope is pushing the boundaries of technology to create the world’s most advanced wired and wireless networks.