<ul><li>A cryptojacking campaign, known as JINX-0132, is targeting exposed DevOps servers like Docker and Gitea to mine cryptocurrency secretly.</li><li>The threat actors exploit misconfigurations and vulnerabilities in tools like Nomad, Consul, Docker, and Gitea to deliver the miner.</li><li>The attackers rely on public GitHub tools and XMRig versions instead of custom malware, making attribution and clustering difficult.</li><li>This campaign highlights the importance of securing DevOps tools properly, as 25% of cloud environments use these technologies, with 5% exposed directly to the internet and 30% of those misconfigured.</li></ul>

Cryptojacking campaign relies on DevOps tools

Discover more