Researchers uncover how Jenkins flaw led to a ransomware attack on India’s digital payment network, affecting several banks and exposing 142 GB of sensitive data
A damaging ransomware attack on a digital payment system used by numerous Indian banks has been traced back to a vulnerability in Jenkins, an open-source automation tool widely employed by software developers. The attack, which crippled services managed by C-Edge Technologies, was linked to CVE-2024-23897, a vulnerability in the Jenkins Command Line Interface, according to a report published this week by Juniper Networks.
The incident began on 31 July, when the National Payments Corporation of India (NPCI), which oversees retail payment systems nationwide, reported a disruption caused by ransomware targeting one of its third-party technology providers. The affected company, C-Edge Technologies, primarily serves regional rural banks. To mitigate the impact, NPCI swiftly isolated C-Edge from its systems, halting customer access to payment services while restoration efforts got underway.
Although services were reinstated the following day, the RansomEXX ransomware gang later claimed responsibility for the attack, boasting on their leak site about having stolen 142 GB of data from a digital payment platform linked to C-Edge.
The study by Juniper Networks, which analysed the NPCI’s report to the Indian Computer Emergency Response Team (CERT-In), underscored the importance of promptly applying security patches and rectifying server misconfigurations. Jenkins, the compromised software, is crucial for developers to build, test, and deploy applications. The CVE-2024-23897 vulnerability, first identified by SonarSource in November last year and patched in January, allows attackers to access sensitive files and data.
Despite the availability of a fix, proof-of-concept exploits led to immediate attack attempts, given Jenkins’ widespread deployment. With tens of thousands of public-facing Jenkins servers in use, experts like Naveen Sunkavally, chief architect at Horizon3.ai, warned that the vulnerability remains a significant threat, especially when Jenkins servers are misconfigured or when attackers manage to compromise legitimate user accounts.
Sarah Jones, a cyber threat intelligence analyst at Critical Start, highlighted the broader risks, warning that such vulnerabilities could enable hackers to seize vast amounts of sensitive data or potentially take over an organisation’s infrastructure. Beyond the immediate disruption, Jones cautioned, these incidents could inflict lasting damage on reputations, erode trust, and have serious financial and legal repercussions.

