Hackers Attack Blogging Platform “Ghost” To Mine Cryptocurrency

Ghost, a blogging platform, recently admitted that it suffered a security breach in which hackers exploited critical vulnerabilities in its servers. In an official release, the Singapore-based company stated that unknown threat actors abused two vulnerabilities, CVE-2020-11651 and CVE-2020-11652, in its SaltStack master to mine cryptocurrency on its servers. SaltStack is open-source software used in data centers and on cloud servers. Ghost stated that the incident came to light when the hackers’ mining attempts spiked the load on its CPUs and systems.

Ghost is an open-source, free-to-use blogging platform aimed at simplifying the process of online publishing for individual bloggers and online publications.

According to Ghost, the hacking incident occurred on May 3, 2020, at 03:24 BST, when the company updated its status checker page and noticed the abnormal activity as its server reported a service outage. At 10:15 BST the same day, Ghost revealed the incident, and a fix was released to restore its servers.

“We’ve introduced multiple new firewalls and security precautions today which are unfortunately causing instability on our network and affecting some customer sites. We have restored all services and everything should be functioning as normal. We are still investigating the root cause of the issue with our upstream providers,” Ghost said in a statement.

The attack is said to have affected both Ghost (Pro) sites and Ghost.org billing services. Ghost also clarified that there is no evidence that customers' personal data, such as passwords, or any credit card or financial information was compromised.

“We’re continuing to monitor all systems closely, whilst also working carefully to cycle all sessions, passwords and keys on every affected service as a precaution. Our additional firewall configurations are now running and working as expected. All connectivity issues have been resolved and customer sites are loading as normal again,” the statement added.