2020 EUROPEAN CYBER SECURITY CHALLENGE

3-7 November 2020

Vienna, Austria

BACKDOORED IMAGE

Event Other
Tags Forensics
Difficulty Easy
Additional Info
Description

Developers have noticed that the latest version of an SSH jump host that they use for remote access is acting weirdly. When inspecting logs, they notice logins from strange accounts that should not be there. Their own dev account password also seems to be compromised, as logins are coming from unknown IP addresses. Sysadmins have recreated the jump host container from the latest image, but with no luck: the same activity is still seen. Could the Docker repository be hacked? Could the hackers have tampered with the image? You must find out!

Other artefacts
Tasks

Pull the image from docker.io/cybexer/ctf-jumphost:icsc and find out how the image was compromised.
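One way to start the triage, as an added example that is not part of the original challenge material: after exporting a pulled image with `docker save -o image.tar <image>`, the script below walks the archive layer by layer and reports which layer wrote files on authentication-relevant paths. The watch list, the function names and the two-layer sample archive are assumptions constructed for illustration and say nothing about what the challenge image actually contains.

```python
import io
import json
import tarfile

# Assumed watch list, chosen from the symptoms (unknown accounts, leaked passwords).
WATCH = ("etc/passwd", "etc/shadow", "etc/pam.d/", "etc/ssh/", "security/pam_",
         "usr/sbin/sshd", "authorized_keys")


def triage(image_tar):
    """Return [(layer_index, path, size)] for watched files in a `docker save` archive."""
    hits = []
    with tarfile.open(fileobj=image_tar, mode="r:*") as image:
        manifest = json.load(image.extractfile("manifest.json"))
        for index, layer_name in enumerate(manifest[0]["Layers"]):
            layer_blob = io.BytesIO(image.extractfile(layer_name).read())
            with tarfile.open(fileobj=layer_blob, mode="r:*") as layer:
                for member in layer.getmembers():
                    path = member.name.removeprefix("./").lstrip("/")
                    if any(w in path for w in WATCH):
                        hits.append((index, path, member.size))
    return hits


def _tar(files):
    """Build an in-memory tar from {name: bytes} (helper for the constructed sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf


def sample_image():
    """Constructed two-layer archive: a base layer, then a layer touching auth files."""
    base = _tar({"etc/passwd": b"root:x:0:0::/root:/bin/sh\n", "bin/sh": b"\x7fELF"})
    top = _tar({"etc/passwd": b"root:x:0:0::/root:/bin/sh\nsvc:x:0:0::/:/bin/sh\n",
                "usr/sbin/sshd": b"\x7fELF-constructed"})
    manifest = [{"Layers": ["l0/layer.tar", "l1/layer.tar"]}]
    return _tar({"manifest.json": json.dumps(manifest).encode(),
                 "l0/layer.tar": base.getvalue(), "l1/layer.tar": top.getvalue()})


if __name__ == "__main__":
    for index, path, size in triage(sample_image()):
        print(f"layer {index}: {path} ({size} bytes)")
```

A watched path that reappears in a layer above the base is the place to look first: extract both versions and diff them, and compare the layer's position against the output of `docker history --no-trunc` to see which build step wrote it.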