Threat Actors Target Kubernetes Clusters via Argo Workflows
2021-07-23 16:00

Threat actors are abusing Argo Workflows to target Kubernetes deployments and deploy crypto-miners, according to a warning from security vendor Intezer.

An open-source, container-native workflow engine that runs on Kubernetes, Argo Workflows allows users to run parallel jobs with ease from a central interface, reducing deployment complexity and leaving less room for errors.

Argo uses YAML files to define the type of work to be performed, with the workflows being executed either from a template or submitted directly using the Argo console.

On misconfigured instances, Intezer said, threat actors could access an open Argo dashboard and deploy their own workflow.

To check whether their instances have been properly configured, users can simply attempt to access the Argo Workflows dashboard from outside the corporate network, using an incognito browser, and without authentication.

Users are also advised to check their Argo instances for any suspicious activity, and ensure that no workflows have been running for an excessive amount of time, as this could indicate that a crypto-miner has been deployed in the cluster.
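The long-running-workflow check described above can be scripted. The following is an added example, not code from the article or from Intezer; it assumes the workflow list is exported as JSON with `kubectl get workflows.argoproj.io -A -o json`, and the six-hour threshold, sample workflow names and "current" time are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like `kubectl get workflows.argoproj.io -A -o json`
SAMPLE = json.dumps({"items": [
    {"metadata": {"namespace": "ci", "name": "nightly-build-x7k2p"},
     "status": {"phase": "Running", "startedAt": "2021-07-23T15:40:00Z"}},
    {"metadata": {"namespace": "argo", "name": "job-q9d4w"},
     "status": {"phase": "Running", "startedAt": "2021-07-20T02:11:09Z"}},
    {"metadata": {"namespace": "ci", "name": "report-b81mz"},
     "status": {"phase": "Succeeded", "startedAt": "2021-07-19T08:00:00Z",
                "finishedAt": "2021-07-19T08:04:30Z"}},
    {"metadata": {"namespace": "argo", "name": "queued-c3f0a"},
     "status": {"phase": "Pending"}},
]})

def parse_ts(value):
    """Parse the RFC 3339 UTC timestamps Kubernetes writes (e.g. 2021-07-23T15:40:00Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def long_running(workflow_list_json, now, max_age=timedelta(hours=6)):
    """Return (namespace, name, age) for Running workflows older than max_age, oldest first.

    max_age defaults to an assumed 6 hours; set it from your own longest legitimate job.
    """
    flagged = []
    for wf in json.loads(workflow_list_json).get("items", []):
        status = wf.get("status") or {}
        started = status.get("startedAt")
        # Only workflows still executing matter here; finished or unstarted ones are skipped.
        if status.get("phase") != "Running" or not started:
            continue
        age = now - parse_ts(started)
        if age > max_age:
            meta = wf["metadata"]
            flagged.append((meta["namespace"], meta["name"], age))
    return sorted(flagged, key=lambda row: row[2], reverse=True)

if __name__ == "__main__":
    # Live use: read the kubectl JSON from stdin and pass datetime.now(timezone.utc).
    now = datetime(2021, 7, 23, 16, 0, tzinfo=timezone.utc)  # constructed "current" time
    for ns, name, age in long_running(SAMPLE, now):
        print(f"{ns}/{name} has been running for {age}")
```

A flagged workflow is a prompt to review its template and container images, since some legitimate batch jobs also run for a long time.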


News URL

http://feedproxy.google.com/~r/securityweek/~3/8YQup4vEMfY/threat-actors-target-kubernetes-clusters-argo-workflows

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 5 45 35 8 93