On August 1, a major bank payment system outage occurred in India after C-Edge Technologies, a service provider for several banks, was hit by a ransomware attack. Juniper Networks described the intrusion in detail in their report.
The entry point at C-Edge Technologies was a misconfigured Jenkins server, which allowed the attackers to gain unauthorized access to the company's systems and deploy the ransomware. The attackers were identified as the RansomEXX group, known for targeting enterprises, government institutions, and banking organizations worldwide.
The specific vulnerability used in the attack, CVE-2024-23897 with a rated severity of 9.8, enabled attackers to read arbitrary files on the Jenkins controller without authentication and execute malicious code.
Security researchers familiar with Jenkins vulnerabilities recreated the attack scenario and published proof-of-concept (PoC) exploit scripts on GitHub to demonstrate the flaw.
The attack began with a payload sent to the Jenkins server to execute a malicious command, exploiting a software flaw that let the criminals bypass security controls and reach valuable information, including user data. The attackers then used the Wireshark network analysis tool for subsequent command execution and result retrieval.
Juniper Networks experts highlighted the importance of regular software updates and correct configuration to prevent such attacks. The incident underscores the significance of strict configuration management, particularly for critical systems like Jenkins.
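The patch-management point above becomes concrete when an operator can tell, from an inventory of Jenkins instances, which ones still fall in the range affected by CVE-2024-23897. The following Python is an added example written for this article, not code from Juniper Networks or the Jenkins project. It assumes the fixed versions published in the Jenkins security advisory (weekly 2.442, LTS 2.426.3) and the fact that Jenkins reports its version in the `X-Jenkins` HTTP response header; the HTTP responses in the block are constructed samples, not captures from any real host.

```python
"""Defender-side triage: does a Jenkins version string fall in the range
affected by CVE-2024-23897 (Args4j CLI arbitrary file read)?

Fixed versions per the Jenkins security advisory: weekly 2.442, LTS 2.426.3.
Jenkins reports its version in the X-Jenkins HTTP response header; the
sample responses below are constructed for this example only.
"""
import re
from typing import Optional, Tuple

# First fixed releases named in the Jenkins advisory for CVE-2024-23897.
FIXED_WEEKLY = (2, 442)
FIXED_LTS = (2, 426, 3)


def parse_version(text: str) -> Optional[Tuple[int, ...]]:
    """Turn '2.426.2' into (2, 426, 2); return None for anything unparseable."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        return None
    return tuple(int(p) for p in m.groups() if p is not None)


def is_affected(version: str) -> Optional[bool]:
    """True if the version predates the fix, False if patched, None if unknown.

    Weekly releases carry two components (2.N) and LTS releases three (2.N.M),
    so the component count selects which fixed version to compare against.
    """
    v = parse_version(version)
    if v is None:
        return None
    if len(v) == 2:
        return v < FIXED_WEEKLY
    return v < FIXED_LTS


def version_from_headers(raw_headers: str) -> Optional[str]:
    """Extract the X-Jenkins header value from a raw HTTP response header block."""
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-jenkins":
            return value.strip()
    return None


def triage(raw_headers: str) -> str:
    """Classify a captured response as 'affected', 'patched', or 'unknown'."""
    ver = version_from_headers(raw_headers)
    if ver is None:
        return "unknown"
    status = is_affected(ver)
    if status is None:
        return "unknown"
    return "affected" if status else "patched"


# Constructed sample responses (not captured from any real host).
SAMPLE_VULNERABLE = "HTTP/1.1 403 Forbidden\r\nX-Jenkins: 2.426.2\r\nContent-Type: text/html\r\n"
SAMPLE_PATCHED = "HTTP/1.1 200 OK\r\nX-Jenkins: 2.442\r\n"
SAMPLE_NOT_JENKINS = "HTTP/1.1 200 OK\r\nServer: nginx\r\n"

if __name__ == "__main__":
    samples = [("lts-old", SAMPLE_VULNERABLE), ("weekly-new", SAMPLE_PATCHED), ("other", SAMPLE_NOT_JENKINS)]
    for label, hdrs in samples:
        print(f"{label}: {triage(hdrs)}")
```

The component-count rule matters because a plain lexical comparison would misclassify LTS 2.440.1 (patched) against weekly 2.442, or weekly 2.426 against LTS 2.426.3. Pair a check like this with the advisory's workaround of disabling CLI access where an upgrade cannot be scheduled immediately.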
Furthermore, the incident underscores the importance of adopting a Zero Trust model, where no default trust is granted to any device or user, and continuous monitoring of all operations and users is crucial for protection against similar threats.