The Ghost blogging platform has been hacked by unknown hackers.
They infected SaltStack servers to mine cryptocurrency; the attack affected Ghost's billing services (Ghost.org) and Ghost Pro sites, according to an update on the company's status page.
Ghost, one of the popular blogging platforms, announced that its servers suffered a security breach by yet-to-be-identified hackers aiming to mine cryptocurrency on the platform's servers. The intrusion into the blogging platform's backend system was detected by its team of developers in the early hours of May 3, according to the company's status page.
The breach has hurt the company's image, as Ghost is regarded as one of WordPress's leading competitors and hosts brand names like Mozilla, Codecademy, Tinder, BitPay, etc. The attackers exploited the same vulnerability that hackers had used earlier to breach LineageOS servers.
How the Ghost Servers Were Breached
These hackers have been preying on recently patched bugs to gain access to Salt servers and plant their cryptocurrency miners. The Ghost blogging platform, which is based on Node.js, is marketed as less complicated than WordPress. Ghost's team of developers stated that the hackers used the CVE-2020-11651 and CVE-2020-11652 vulnerabilities to gain control over the Salt master server.
After the hackers broke into the blog's servers, their access was limited to Ghost's billing service and Ghost Pro sites, where they planted a cryptocurrency miner; users' data and financial details were left untouched. Ghost's developers further stated that the planted miner tried to spike the CPUs and overload the platform, but the team was instantly alerted to the breach.
SaltStack, the company behind the Salt software, has published patches that fix the vulnerabilities. Users are advised to patch their Salt servers or secure them behind a firewall. Ghost restored order to its platform by taking down its servers and eliminating the breach, just like its counterpart LineageOS.