Security News > 2021 > June > Microsoft warns of cryptomining attacks on Kubernetes clusters
Microsoft warns of an ongoing series of attacks compromising Kubernetes clusters running Kubeflow machine learning instances to deploy malicious containers that mine for Monero and Ethereum cryptocurrency.
The attacks had started towards the end of May when Microsoft security researchers observed a sudden increase in TensorFlow machine learning pod deployments.
While the pods were legitimate from the official Docker Hub repository, the attackers modified them to mine for cryptocurrency on compromised Kubernetes clusters by deploying ML pipelines using the Kubeflow Pipelines platform.
"The attack is still active, and new Kubernetes clusters that run Kubeflow get compromised," Weizman warned.
This campaign follows a similar campaign from April 2020, which also abused powerful Kubernetes clusters as part of a large-scale cryptomining campaign.
Even though Microsoft detected several other campaigns targeting Kubernetes clusters in the past exploiting Internet-exposed services, the April 2020 campaign was the first time an attack specifically targeted Kubeflow environments.
News URL
Related news
- Microsoft Identifies Storm-0501 as Major Threat in Hybrid Cloud Ransomware Attacks (source)
- DOJ, Microsoft seize 107 domains used in Russia's Star Blizzard phishing attacks (source)
- Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (source)
- Microsoft issues 117 patches – some for flaws already under attack (source)
- Microsoft Detects Growing Use of File Hosting Services in Business Email Compromise Attacks (source)
- Microsoft: Ransomware Attacks Growing More Dangerous, Complex (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining (source)
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)