The Node.js-based blogging platform Ghost is the latest victim in an ongoing hacking campaign that has already hit tens of companies.
Hackers have been scanning the internet for servers running the software Salt which is used by businesses to manage and automate their servers inside data centers, cloud server clusters and enterprise networks. This is because two recently-patched bugs in the software can be exploited to gain access to Salt servers.
Just hours before Ghost had its servers hacked, attackers managed to breach the servers of the mobile operating system LineageOS by exploiting the same flaws in Salt.
- Nearly $10bn worth of cryptocurrency was stolen in the past three years
- Hackers siphon millions in cryptocurrency from dForce exchange
- These are the best blogging sites
Ghost hack
According to Ghost's developers, the hackers exploited the authentication bypass CVE-2020-11651 and directory traversal CVE-2020-11652 to take control over the company's Salt master server.
However, they did not steal any financial information or user credentials from the company while they had access to the Ghost (Pro) site and Ghost.org billing services. Instead, the hackers installed a cryptocurrency miner on Ghost's servers just as they did to LineageOS.
This cryptocurrency miner is what alerted Ghost to the hack in the first place as the mining attempt spiked the company's CPUs and quickly overloaded most of its systems.
In a status page, the Ghost developer team explained that it has successfully recovered from the hack, saying:
“All traces of the crypto-mining virus were successfully eliminated yesterday, all systems remain stable, and we have not discovered any further concerns or issues on our network. The team is now working hard on remediation to clean and rebuild our entire network.”
- We've also highlighted the best website builder
Via ZDNet
