Open-source blogging platform Ghost was hacked hours after LineageOS servers were breached through the same vulnerabilities.
Hackers exploited CVE-2020-11651, an authentication bypass, and CVE-2020-11652, a directory traversal, to take control of Ghost's Salt master server and gain remote code execution on it.
Salt software is used for managing the company’s servers. Using the Salt vulnerabilities, the hackers installed a cryptocurrency miner, which overloaded the company’s CPUs. The Ghost team took down its servers and addressed the flaws before resuming operations. The team is now working on remediation to clean and rebuild the network.
A Ghost representative stated that cybercriminals had access to the Ghost (Pro) sites and Ghost.org billing services, but did not steal any of their users’ personal or financial information. Instead, they were focused on cryptojacking to mine cryptocurrency as part of an extensive ransomware campaign.
The operators of the infamous Kinsing botnet are speculated to be behind the attacks.
Although the Ghost website states that all traces of the cryptomining virus were successfully eliminated, Adcy.io recommends installing the available security updates, changing passwords and enabling two-factor authentication as an extra layer of security.