CloudSEK has reportedly used an artificial intelligence platform to identify a post made to a cybercrime forum. The post mentioned open source automation server platform Jenkins as one of the techniques and procedures used by a threat actor in attacks that were conducted against IBM and Stanford University. According to CloudSEK, who utilized the XVigil platform, the module contains hidden desktop takeover capabilities leveraged by threat actors to obtain clicks on advertisements posted on the internet. The cybercrime forum post was detected in early May on an English-speaking forum. CloudSEK obtained a sample screenshot as proof of access to a Jenkins dashboard.

According to the cybersecurity company, the hacker would have leveraged search engines such as Shodan to target public assets belonging to compromised companies. Afterwards, a private script is deployed to conduct fuzzing and obtain vulnerable instances that are then exploited. CloudSEK states that the Jenkins dashboard bypass contains internal hosts and scripts, in addition to database credentials and logins. On the same forum, CloudSEK found that the actor admitted to targeting IBM, particularly via internal administrators’ scrips and firewall configurations. Cybersecurity researchers claim that modules such as Jenkins can be used to enable persistance and launch sophisticated ransomware attacks, making them particularly dangerous.

Read More: Threat Actor Claims Responsibility For IBM and Stanford University Hack