Security News > 2023 > August > Malicious Campaigns Exploit Weak Kubernetes Clusters for Crypto Mining

Exposed Kubernetes clusters are being exploited by malicious actors to deploy cryptocurrency miners and other backdoors.

Cloud security firm Aqua, in a report shared with The Hacker News, said a majority of the clusters belonged to small to medium-sized organizations, with a smaller subset tied to bigger companies, spanning financial, aerospace, automotive, industrial, and security sectors.

In total, Kubernetes clusters belonging to more than 350 organizations, open-source projects, and individuals were discovered, 60% of which were the target of an active crypto-mining campaign.

0.0.0` -accept-hosts `.*`". "Housing a wide array of sensitive and valuable assets, Kubernetes clusters can store customer data, financial records, intellectual property, access credentials, secrets, configurations, container images, infrastructure credentials, encryption keys, certificates, and network or service information," security researchers Michael Katchinskiy and Assaf Morag said.

Found among the exposed K8s clusters are pods lists containing sensitive environment variables and access keys that could be exploited by bad actors to burrow deep into the target environment, access source code repositories, and worse, introduce malicious modifications if possible.

A closer examination of the clusters has revealed three different ongoing campaigns aimed at mining cryptocurrency, including a Dero cryptojacking operation, RBAC Buster, and TeamTNT's Silentbob.

News URL

https://thehackernews.com/2023/08/malicious-campaigns-exploit-weak.html