Hackers Attacked Ghost Blogging Platform and LineageOS Servers Using Salt Vulnerabilities

According to the development team of the Ghost blogging platform, hackers exploited an authentication bypass vulnerability (CVE-2020-11651) and a directory traversal vulnerability (CVE-2020-11652) in Salt to gain control over the main server.

A large-scale malicious campaign is currently underway, in which the systems of various companies have been hacked. Cybercriminals are actively scanning the Internet for servers running Salt, software used to manage and automate servers inside data centers, cloud server clusters, and corporate networks.

“Although the criminals had access to the Ghost (Pro) sites and Ghost.org billing services, they did not steal financial information or user credentials. Instead, they downloaded a cryptocurrency miner,” the Ghost developers report.

The mining attempt drove up CPU load and overloaded most of the systems, which immediately alerted specialists to the problem. The Ghost developers shut down all the servers, fixed the systems, and resumed operation a few hours later.

According to some experts, the attacks were most likely carried out with an automated vulnerability scanner that detected outdated Salt servers and then automatically exploited the two vulnerabilities to install malware.

“It is possible that the perpetrators of these attacks do not even know which companies they are currently hacking. Vulnerable Salt servers are fixed in banks, web-hosting and Fortune 500 companies,” said the experts.

Also, by exploiting the vulnerabilities in a SaltStack Salt installation, hackers gained unauthorized access to the infrastructure of LineageOS, a mobile operating system based on Android and used in smartphones, tablets and set-top boxes.

According to the LineageOS team’s notification, they discovered the hack before the attackers could do any harm.

“The source code of the operating system and its assembly, the release of which was suspended on April 30 for reasons unrelated to the hacking, was not affected. The attackers failed to gain access to the keys for signing the official versions of LineageOS, since they are stored separately from the main OS infrastructure,” said the developers of LineageOS.

SaltStack, the developer of Salt, has already released patches for these vulnerabilities. Researchers have so far found about 6 thousand vulnerable Salt servers on the Internet.

Let me remind you that an IS researcher recently discovered a critical vulnerability in GitLab.

About Vladimir Krasnogolovy

Vladimir is a technical specialist who loves giving qualified advice and tips on GridinSoft's products. He's available 24/7 to assist you with any question regarding internet security.
