PANews reported on June 4 that according to The Register, security company Wiz discovered that a hacker group codenamed JINX-0132 is using DevOps tool configuration vulnerabilities to conduct cryptocurrency mining attacks on a large scale. The attack mainly targets tools such as HashiCorp Nomad/Consul, Docker API, and Gitea, and about 25% of cloud environments are at risk. The attack methods include: using Nomad default configuration to deploy XMRig mining software, executing malicious scripts through Consul unauthorized APIs, and controlling exposed Docker APIs to create mining containers. Wiz data shows that 5% of DevOps tools are directly exposed to the public network, of which 30% have configuration defects. The security team recommends that users update software in a timely manner, disable non-essential functions, and limit API access rights.

This attack once again highlights the importance of cloud environment configuration management. HashiCorp's official documentation has previously warned of related risks, but a large number of users still have not enabled basic security features. Experts emphasize that simple configuration adjustments can block most automated attacks.