The attack represents the latest in a global hacking spree targeting Jira servers, with Hellcat employing their signature method of exploiting compromised credentials to gain unauthorized access to sensitive corporate infrastructure. Jira, a project management and issue-tracking platform widely used by software developers and IT teams, often contains sensitive data including source code, authentication keys, IT plans, customer information, and internal discussions related to projects.

Organizations utilizing Jira systems are advised to implement robust credential management protocols, including regular password rotation, multi-factor authentication, and prompt revocation of third-party access when no longer needed. The ongoing Hellcat campaign demonstrates that outdated but valid credentials remain a significant security vulnerability that sophisticated threat actors continue to exploit.

Examination of ransomware payloads shows that Hellcat shares code with the Morpheus ransomware group, both utilizing the Windows Cryptographic API and BCrypt algorithm for encryption.

According to Rey, a member of the Hellcat hacking group who communicated with BleepingComputer, the attackers exfiltrated approximately 44GB of data from Ascom's systems. In the JLR breach, Hellcat exploited the credentials of an LG Electronics employee who had third-party access to JLR's Jira server. The stolen information reportedly includes source code for multiple products, project details, invoices, confidential documents, and issues from the company's ticketing system.

Recent victims of Hellcat include major corporations such as Schneider Electric, Telefónica, Orange Group, and Jaguar Land Rover (JLR). The Hellcat group has established a consistent pattern of targeting Jira servers worldwide.
Their sophisticated attack chain includes PowerShell infection sequences to establish persistence, defense evasion techniques, and command-and-control infrastructure that deploys SliverC2 malware.
This Cyber News was published on cybersecuritynews.com. Publication date: Fri, 21 Mar 2025 09:35:20 +0000