Security News > 2021 > June > Microsoft warns of cryptomining attacks on Kubernetes clusters
Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency.
The attacks had started towards the end of May when Microsoft security researchers observed a sudden increase in TensorFlow machine learning pod deployments.
While the pods were legitimate from the official Docker Hub repository, the attackers modified them to mine for cryptocurrency on compromised Kubernetes clusters by deploying ML pipelines using the Kubeflow Pipelines platform.
"The attack is still active, and new Kubernetes clusters that run Kubeflow get compromised," Weizman warned.
This campaign follows a similar campaign from April 2020, which also abused powerful Kubernetes clusters as part of a large-scale cryptomining campaign.
Even though Microsoft detected several other campaigns targeting Kubernetes clusters in the past exploiting Internet-exposed services, the April 2020 campaign was the first time an attack specifically targeted Kubeflow environments.
News URL
Related news
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams (source)
- Microsoft Teams phishing attack alerts coming to everyone next month (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- Critical RCE bug in Microsoft Outlook now exploited in attacks (source)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (source)
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)