“Through extensive investigation and critical sources, CloudSEK has confirmed that the ransomware group responsible for this attack is RansomEXX,” CloudSEK said. “Our extensive engagement with the affected banking sector in India made this determination possible.”
The artificial intelligence firm said the attackers gained unauthorized access through a poorly configured Jenkins server, an open source automation tool that developers use to build, test, and deploy software, by exploiting a vulnerability (CVE-2024-23897).
“According to the report filed by Brontoo Technology Solutions through CERT-In (Indian Computer Emergency Response Team), it is said that the series of attacks started from a poorly configured Jenkins server,” added CloudSEK. “The CloudSEK research team was able to identify the affected Jenkins server and the chain of attacks.”
“While the situation is still emerging and negotiations with the ransomware group are likely ongoing, the ransomware group has a history of making extreme ransom demands, and we expect a similar approach in this case,” CloudSEK added.