Security firm Wiz has identified a hacker group, JINX-0132, exploiting vulnerabilities in DevOps tools to conduct widespread cryptocurrency mining attacks. The group targets tools like HashiCorp Nomad/Consul, Docker API, and Gitea, putting approximately 25% of cloud environments at risk. Attack methods include deploying XMRig mining software via Nomad's default configuration, executing malicious scripts through Consul's unauthorized API, and using exposed Docker APIs to create mining containers.