The Register: Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

Source URL: https://www.theregister.com/2025/06/03/illicit_miners_hashicorp_tools/
Source: The Register
Title: Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

Feedly Summary: To stop the JINX-0132 gang behind these attacks, pay attention to HashiCorp, Docker, and Gitea security settings
Up to a quarter of all cloud users are at risk of having their computing resources stolen and used to illicitly mine for cryptocurrency, after crims cooked up a campaign that targets publicly accessible DevOps tools.…

AI Summary and Description: Yes

Summary: The text highlights a significant security threat posed by the JINX-0132 gang, which is abusing insecure configurations of publicly accessible DevOps tools, namely HashiCorp tools, Docker, and Gitea, to steal cloud computing resources for illicit cryptocurrency mining. It is relevant to security professionals focusing on cloud and infrastructure security.

Detailed Description: The content sheds light on the alarming trend of cybercriminals exploiting publicly accessible DevOps tools to steal cloud computing resources for illicit activities, such as cryptocurrency mining. This situation underscores the pressing need for enhanced security measures in cloud environments, particularly for organizations using tools that may not be adequately secured.

Key points include:
- **Cyber Threat**: The JINX-0132 gang targets cloud users through publicly accessible DevOps tools whose security settings have been left weak.
- **Prevalence of Risk**: Up to a quarter (25%) of cloud users are at risk of these attacks because of inadequate security settings.
- **Tools at Risk**: HashiCorp tools, Docker, and Gitea are named. These are widely used platforms that may be deployed without stringent security configurations, which makes them attractive targets for cybercriminals.
- **Implications for Security Professionals**: Security teams must prioritize auditing the settings of these tools to prevent unauthorized access and resource theft.

Given the current threat landscape, it is crucial for organizations to adopt a proactive approach by:
- Regularly reviewing security settings on cloud-based DevOps tools.
- Implementing multi-factor authentication and role-based access controls.
- Ensuring compliance with best practices in cloud security to mitigate risks associated with resource exploitation.

Overall, this content is pertinent for professionals engaged in cloud computing security, as it highlights a specific threat vector they must address to protect their infrastructures effectively.