HellCat Ransomware Hits Firms using Infostealer-Stolen Jira Credentials


According to Hudson Rock's report shared with Hackread.com, the company traced every one of the HellCat intrusions back to the same root cause: Jira credentials stolen by infostealer malware. Stealer families including StealC, Raccoon, Redline and Lumma Stealer had harvested the logins from infected employee machines months, and in some cases years, before the actual attacks.


You Should Know: How to Detect and Prevent Infostealer Attacks

Infostealers like Lumma, Redline, and Raccoon are designed to extract credentials, cookies, and sensitive data from infected systems. Below are key commands and steps to detect and mitigate such threats:

1. Detecting Infostealer Activity on Linux

StealC, Raccoon, Redline and Lumma are Windows malware, so these Linux checks are a hygiene pass rather than a signature hunt. A running stealer will not name its process after its family, so look at where a process runs from and what it talks to, not only at what it is called.

 Check for suspicious processes (pgrep does not match its own command line the way "ps | grep" does; the second command lists anything executing from a world-writable directory)
pgrep -fl 'stealc|raccoon|redline|lumma'
ps -eo pid,user,args | grep -E ' (/tmp|/var/tmp|/dev/shm)/'

Monitor network connections (list established connections together with the owning process and review anything talking to an address you do not recognise)
sudo ss -tnp state established

Scan for suspicious files (-iname with wildcards matches the family name anywhere in a file name, case-insensitively; -type f skips directories; errors from unreadable paths are discarded)
sudo find / -type f \( -iname "*stealc*" -o -iname "*raccoon*" -o -iname "*redline*" -o -iname "*lumma*" \) 2>/dev/null

Check cron and timers for persistence (/etc/cron is not a standard path; system entries live in /etc/crontab and the /etc/cron.* directories, user crontabs under /var/spool/cron)
crontab -l
sudo cat /etc/crontab
sudo ls -la /etc/cron.d /etc/cron.hourly /etc/cron.daily /etc/cron.weekly /etc/cron.monthly
sudo ls -laR /var/spool/cron
systemctl list-timers --all
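Grepping a process list for family names catches only lazily named samples. The script below, an added example that is not from the article, applies the location-based heuristics instead: it parses the output of "ps -eo pid,user,args" and flags processes whose real executable (or the script an interpreter is running) sits in a world-writable directory or has a hidden path component. The sample ps output, the directory list and the interpreter list are assumptions; tune them to your own baseline.

```python
"""Flag Linux processes by execution location rather than by name.

Added example, not from the article. Input is the text of
`ps -eo pid,user,args`; the sample below is constructed.
"""
import os

# Directories any user can write to; a legitimate daemon rarely runs from them.
SUSPICIOUS_DIRS = ("/tmp", "/var/tmp", "/dev/shm")
# If the first token is an interpreter, the script it runs is what matters.
INTERPRETERS = {"sh", "bash", "dash", "python", "python3", "perl", "php"}

# Constructed sample output of `ps -eo pid,user,args` (not from a real host).
PS_SAMPLE = """\
    PID USER     COMMAND
      1 root     /sbin/init
    842 root     /usr/sbin/sshd -D
   1203 alice    /tmp/.stealc --silent
   1377 www-data /dev/shm/.x/update
   1450 alice    python3 /home/alice/notes.py
   1502 root     /usr/sbin/cron -f
   1600 alice    bash /var/tmp/.u.sh
"""


def parse_ps(text):
    """Turn ps output into rows; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split(None, 2)
        if len(parts) == 3:
            rows.append({"pid": int(parts[0]), "user": parts[1], "args": parts[2]})
    return rows


def executed_path(args):
    """Return the path that is really being executed for a command line."""
    tokens = args.split()
    if not tokens:
        return ""
    if (os.path.basename(tokens[0]) in INTERPRETERS
            and len(tokens) > 1 and not tokens[1].startswith("-")):
        return tokens[1]          # interpreter: the script is the payload
    return tokens[0]


def reasons_for(path):
    """Heuristics that make a process worth a second look."""
    reasons = []
    if any(path == d or path.startswith(d + "/") for d in SUSPICIOUS_DIRS):
        reasons.append("runs from a world-writable directory")
    if any(part.startswith(".") for part in path.split("/") if part):
        reasons.append("hidden path component")
    return reasons


def flag_processes(ps_text):
    """Return the processes that match at least one heuristic."""
    flagged = []
    for proc in parse_ps(ps_text):
        path = executed_path(proc["args"])
        reasons = reasons_for(path)
        if reasons:
            flagged.append({**proc, "path": path, "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in flag_processes(PS_SAMPLE):
        print(f"PID {hit['pid']} ({hit['user']}): {hit['path']} -> {', '.join(hit['reasons'])}")
```

On a live host feed it real output with something like flag_processes(subprocess.check_output(["ps", "-eo", "pid,user,args"], text=True)); the interpreter rule matters because a stealer dropped as "bash /var/tmp/.u.sh" would otherwise look like an innocent /usr/bin/bash.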

2. Windows Detection & Removal

 Check running processes (a name match only catches lazily named samples; the second command lists processes whose image lives under a temp or download directory, which is where a dropper usually lands)
Get-Process | Where-Object { $_.ProcessName -match 'stealc|raccoon|redline|lumma' }
Get-Process | Where-Object { $_.Path -match '\\(Temp|Downloads)\\' } | Select-Object Id, ProcessName, Path

Scan for registry and scheduled-task persistence (stealers run as the logged-on user, so check HKCU as well as HKLM, and RunOnce as well as Run)
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
reg query HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run
reg query HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
schtasks /query /fo LIST /v

Analyze network connections (netstat shows only the owning PID; the PowerShell form resolves it to a process name)
netstat -ano | findstr ESTABLISHED
Get-NetTCPConnection -State Established | Select-Object RemoteAddress, RemotePort, OwningProcess, @{n='Process'; e={ (Get-Process -Id $_.OwningProcess).ProcessName }}

3. Securing Jira Credentials

  • Enable Multi-Factor Authentication (MFA); keep in mind that it does not protect against a stolen session cookie, which infostealers also collect
  • Rotate credentials after suspected breaches, and revoke API tokens and end active sessions at the same time rather than assuming a password change alone invalidates them
  • Monitor Jira audit logs for unauthorized access: logins from addresses a user has never used, logins outside working hours, and logins followed shortly by bulk exports
  • Use endpoint detection and response (EDR) such as CrowdStrike or SentinelOne on the machines that hold the credentials
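The audit-log check above becomes concrete once a stealer log naming your Jira host is in hand: any successful login with a credential after its theft date, and before that credential was rotated, is an exposure, and a login from an address the account has never used is the one to chase first. The script below is an added example, not from the article or from Hudson Rock; the stealer-log line format, the JSON-lines audit export shape and all sample records are constructed assumptions, so adapt the two parsers to your own data.

```python
"""Cross-reference stealer-log credentials with Jira login activity.

Added example, not from the article or Hudson Rock. Both record shapes
are assumptions: real stealer logs are free-form text dumps and Jira audit
exports differ by deployment, so adapt the two parsers to your own data.
"""
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed lines in the style of a stealer log's credential dump.
# Passwords are redacted here; in a real log they are in the clear.
STEALER_LOG = """\
URL: https://jira.example.com/login.jsp USER: alice@example.com PASS: <redacted> DATE: 2024-01-12
URL: https://mail.example.com/ USER: bob@example.com PASS: <redacted> DATE: 2024-02-03
URL: https://jira.example.com/login.jsp USER: carol@example.com PASS: <redacted> DATE: 2024-03-20
"""

# Constructed Jira audit events as JSON lines (assumed export shape).
JIRA_AUDIT = """\
{"ts":"2023-12-20T09:00:00Z","user":"alice@example.com","action":"login","ip":"203.0.113.10","ok":true}
{"ts":"2024-03-01T09:02:11Z","user":"alice@example.com","action":"login","ip":"203.0.113.10","ok":true}
{"ts":"2024-04-15T02:37:55Z","user":"alice@example.com","action":"login","ip":"198.51.100.7","ok":true}
{"ts":"2024-04-15T02:40:02Z","user":"alice@example.com","action":"export","ip":"198.51.100.7","ok":true}
{"ts":"2024-04-10T14:00:00Z","user":"carol@example.com","action":"password_change","ip":"203.0.113.22","ok":true}
{"ts":"2024-04-16T08:00:00Z","user":"carol@example.com","action":"login","ip":"203.0.113.22","ok":true}
{"ts":"2024-04-16T03:00:00Z","user":"dave@example.com","action":"login","ip":"198.51.100.7","ok":true}
"""

LINE_RE = re.compile(r"URL: (\S+) USER: (\S+) PASS: \S+ DATE: (\d{4}-\d{2}-\d{2})")


def parse_stealer_log(text, target_host):
    """Map each user whose credential for target_host leaked to the earliest theft date."""
    stolen = {}
    for url, user, date in LINE_RE.findall(text):
        if target_host not in url:
            continue
        when = datetime.strptime(date, "%Y-%m-%d").replace(tzinfo=timezone.utc)
        if user not in stolen or when < stolen[user]:
            stolen[user] = when
    return stolen


def parse_audit(text):
    """Parse JSON-lines audit events and sort them chronologically."""
    events = []
    for line in text.splitlines():
        if line.strip():
            event = json.loads(line)
            event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def find_exposed_logins(stolen, events):
    """Successful logins that used a credential after it leaked and before it was rotated.

    A login from an address the user has never used before is rated high;
    the rest are medium, since the password was still valid in attacker hands.
    """
    findings = []
    seen_ips = defaultdict(set)   # per-user address history, built as we go
    rotated_at = {}               # user -> time of last successful password change
    for e in events:
        user, ip = e["user"], e["ip"]
        if not e["ok"]:
            continue
        if e["action"] == "password_change":
            rotated_at[user] = e["ts"]
            seen_ips[user].add(ip)
            continue
        if e["action"] != "login":
            continue
        new_ip = ip not in seen_ips[user]
        seen_ips[user].add(ip)
        theft = stolen.get(user)
        if theft is None or e["ts"] < theft:
            continue  # not in the stealer log, or login predates the theft
        if rotated_at.get(user, EPOCH) > theft:
            continue  # credential rotated after it leaked; the stolen copy is dead
        findings.append({
            "user": user,
            "ts": e["ts"].isoformat(),
            "ip": ip,
            "severity": "high" if new_ip else "medium",
        })
    return findings


if __name__ == "__main__":
    exposed = parse_stealer_log(STEALER_LOG, "jira.example.com")
    for f in find_exposed_logins(exposed, parse_audit(JIRA_AUDIT)):
        print(f"{f['severity']:6} {f['ts']} {f['user']} from {f['ip']}")
```

In the sample, carol's credential leaked but she changed her password before logging in again, so her login is not flagged; alice never rotated, so her routine login is a medium finding and the 02:37 login from a never-before-seen address (followed by an export) is the high one. The address history is built from the audit log itself, so feed it as much history before the theft date as you have.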

4. Preventing Future Infections

  • Block known infostealer C2 servers via firewall (the stealer connects out, so the OUTPUT rule is what stops exfiltration; an INPUT rule only stops the C2 reaching in):
    sudo iptables -A OUTPUT -d <malicious_IP> -j DROP
    sudo iptables -A INPUT -s <malicious_IP> -j DROP

  • Regularly update anti-malware signatures
  • Educate employees on phishing risks and on the fake installers and cracked software that stealers are commonly bundled with

What Undercode Says

Infostealers remain a critical threat due to their silent data exfiltration capabilities. Enterprises must adopt zero-trust policies, enforce strict credential hygiene, and deploy behavioral-based detection to counter advanced malware.

Expected Output (illustrative findings the checks above surface, not the literal output of any one command):

- Suspicious process found: /tmp/.stealc 
- Unauthorized Jira login attempt detected 
- Blocked C2 IP: 185.143.223.11 


Reported By: Alon Gal – Hackers Feeds
