A security researcher hunting for bug bounties discovered last month that a cryptocurrency-mining botnet had found a home and burrowed inside a web server operated by the US Department of Defense (DOD).
The issue was discovered and reported via the DOD’s official bug bounty program by Indian security researcher Nitesh Surana.
Initially, the bug report was filed in relation to a misconfigured Jenkins automation server running on an Amazon Web Services (AWS) server associated with a DOD domain.