Kinsing Crypto Malware Hits Kubernetes Clusters via Misconfigured PostgreSQL
The threat actors behind the Kinsing cryptojacking operation have been spotted exploiting misconfigured and exposed PostgreSQL servers to obtain initial access to Kubernetes environments.
Kinsing has a storied history of targeting containerized environments, often leveraging misconfigured open Docker daemon API ports as well as abusing newly disclosed exploits to drop cryptocurrency mining software.
Now, according to Microsoft, the Kinsing actor has co-opted misconfigurations in PostgreSQL servers to gain an initial foothold, with the company observing a "large amount of clusters" infected in this manner.
"In general, allowing access to a broad range of IP addresses is exposing the PostgreSQL container to a potential threat," Bruskin explained.
"Exposing the cluster to the Internet without proper security measures can leave it open to attack from external sources," Bruskin said.
"Attackers can gain access to the cluster by taking advantage of known vulnerabilities in images."
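The broad-address-range misconfiguration described above can be checked for in a PostgreSQL `pg_hba.conf` file. The following is an added example, not code from the article or from Microsoft: the sample file is constructed, the /16 (IPv4) and /48 (IPv6) thresholds and the severity labels are assumed policy, and `trust` is PostgreSQL's no-password authentication method.

```python
import ipaddress

# Constructed sample pg_hba.conf, not taken from any real cluster.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE  USER    ADDRESS                METHOD
local   all       postgres                       peer
host    all       all     0.0.0.0/0              trust
host    all       all     ::/0                   md5
hostssl app       app_rw  10.42.0.0/16           scram-sha-256
host    app       app_ro  10.0.0.0 255.0.0.0     scram-sha-256
host    all       all     all                    scram-sha-256
host    app       app_rw  10.42.7.9/32           trust
host    app       app_rw  db-client.internal     scram-sha-256
"""

HOST_TYPES = {"host", "hostssl", "hostnossl", "hostgssenc", "hostnogssenc"}
MIN_PREFIX = {4: 16, 6: 48}  # assumed policy: shorter prefixes count as broad


def is_ip(s):
    try:
        ipaddress.ip_address(s)
        return True
    except ValueError:
        return False


def audit_pg_hba(text, min_prefix=MIN_PREFIX):
    """Return (line_no, address, method, severity) for broad network rules."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()  # simplification: no quoted fields
        if len(f) < 5 or f[0] not in HOST_TYPES:
            continue  # blank, comment, local-socket or malformed line
        addr, rest = f[3], f[4:]
        if "/" not in addr and len(rest) > 1 and is_ip(rest[0]):
            addr, rest = f"{addr}/{rest[0]}", rest[1:]  # "IP netmask" form
        if addr == "all":
            shown, broad = "all", True
        else:
            try:
                net = ipaddress.ip_network(addr, strict=False)
            except ValueError:
                continue  # hostname, samehost, samenet: not judged here
            shown, broad = str(net), net.prefixlen < min_prefix[net.version]
        if broad:
            sev = "critical" if rest[0] == "trust" else "warning"
            findings.append((no, shown, rest[0], sev))
    return findings
```

Rules that pass this check can still be reachable from the Internet through a Kubernetes Service or load balancer, so the file audit complements a review of how the PostgreSQL container is exposed.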
News URL
https://thehackernews.com/2023/01/kinsing-cryptojacking-hits-kubernetes.html