Security News > 2022 > October > New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances

New Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Instances
2022-10-27 07:55

A new cryptojacking campaign has been uncovered targeting vulnerable Docker and Kubernetes infrastructures as part of opportunistic attacks designed to illicitly mine cryptocurrency.

Cybersecurity company CrowdStrike dubbed the activity Kiss-a-dog, with its command-and-control infrastructure overlapping with those associated with other groups like TeamTNT, which are known to strike misconfigured Docker and Kubernetes instances.

The ultimate goal of the campaign is to stealthily mine cryptocurrency using the XMRig mining software as well as to backdoor Redis and Docker instances for mining and other follow-on attacks.

As many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts are said to have been utilized in the automated freejacking campaign.

The attack entails the creation of an actor-controlled GitHub account, each containing a repository that, in turn, has a GitHub Action to run mining operations by launching a Docker Hub image.

"Using free accounts shifts the cost of running the cryptominers to the service provider," the researchers said.


News URL

https://thehackernews.com/2022/10/new-cryptojacking-campaign-targeting.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Kubernetes 19 12 49 24 6 91
Docker 24 3 27 29 18 77