A security researcher last month discovered a cryptocurrency-mining scheme on a web server run by the US Department of Defense.

Indian security researcher Nitesh Surana disclosed the exploit on the DoD’s bug bounty page on January 4. He found out that it was possible to access the server without a password.

“The major impact of this vulnerability is [that] an attacker can exploit and gain access to critical internals of the server,” wrote Surana in his report to the DOD. As a result, an attacker can run remote commands on the server through the Java programming language, uploading any file they want. 

Image: Unsplash

A massive botnet is using YouTube to mine cryptocurrency

A new report from cybersecurity firm ESET has uncovered that the operators behind the Stantinko botnet have been using YouTube pages and channels to install crypto-jacking malware on visitors' computers. The Stantinko botnet, initially discovered in 2017 (though has been operating “covertly” since 2012), has reportedly infected more than half-a-million devices around the world, and targets users primarily in Russia, Kazakhstan, Belarus, and the Ukraine. According to ESET, the operators of the bo...

NewsTechnology
2 min read
Nicholas Marinoff

In the case that an attacker uploaded a file that attacked the server and gave them complete control, “This can later lead to critical information leakage, lateral movement and other catastrophic events as the instance can be manipulated by the skills of the attacker,” said Surana.

Monero
XMR
+120.45%$271.13
24H7D1M1YMAX
Created with Highcharts 10.3.3May '24Jun '24Jul '24Aug '24Sep '24Oct '24Nov '24Dec '24Jan '25Feb '25Mar '25Apr '25May '25May …$100$150$200$250$300
Price data by
XMR price

It looks like someone did exploit the vulnerability to install botnet to mine the privacy coin, Monero. It’s unclear how much they made, but, after Surana posted evidence to support his claims, the DoD quickly controlled the system and had shut it down by January 21.

This isn’t the first time someone’s used state apparatus to mine cryptocurrency. Last year, employees of a Rusian nuclear warhead facility were fined for illegally using the department’s supercomputer to mine for Bitcoin. Its computer is powered by one petaflop, equal to a thousand trillion transactions per second. 

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.