According to ZDNet, the servers of the open-source blogging platform Ghost have been compromised by hackers to mine cryptocurrency as part of an extensive ransomware campaign.
The malicious actors were able to gain unauthorized access to Ghost by exploiting some bugs in the Salt software that is used for managing the company’s servers.
Overloaded CPUs
A Ghost representative sates that cybercriminals did not steal any of their users’ personal or financial information. Instead, they were focused on cryptojacking -- the process of stealthily mining cryptocurrency (usually privacy coins in the likes of Monero).
Ghost developers felt the heat when the company’s CPUs became overloaded due to a massive mining operation. They took down all servers and brought them back online after patching systems.
More vulnerable companies
Prior to that, the hackers managed to breach the servers of the LineageOS operating system by relying on the same Salt vulnerabilities.
One cybersecurity expert warns that the campaign threatens banks and Fortune 500 companies:
"We're seeing unpatched Salt servers at banks, web hosters, and Fortune 500 companies."
Arman Shirinyan
Tomiwabold Olajide
Yuri Molchan
Gamza Khanzadaev
Godfrey Benjamin