Looney Tunables bug exploited for cryptojacking
Kinsing threat actors have been spotted exploiting the recently disclosed Looney Tunables vulnerability to covertly install cryptomining software into cloud-native environments.
Kinsing is a threat actor group that has been active since late 2021, targeting cloud-native environments and applications - Kubernetes clusters, Docker API, Redis, Jenkins and Openfire servers, cloud-hosted Apache NiFi instances, and so on - to deploy cryptominers.
Kinsing exploiting PHPUnit and Looney Tunables vulnerabilities.
"Typically, Kinsing engages in fully automated attacks with the primary objective of mining cryptocurrency. However, in this recent discovery, we observed Kinsing conducting manual tests, a deviation from their usual modus operandi," noted Assaf Morag, Lead Data Analyst at Aqua Security.
"Ultimately, it becomes apparent that Kinsing is attempting to enumerate the details and credentials associated with the Cloud Service Provider," Morag shared.
"From what we know, this is the first time Kinsing has tried to collect this kind of information. Before, they mostly focused on spreading their malware and running a cryptominer, often trying to increase their chances to succeed by eliminating competition or evading detection. This new move shows that Kinsing might be planning to do more varied and intense activities soon, which could mean a bigger risk for systems and services that run on the cloud."
News URL
https://www.helpnetsecurity.com/2023/11/07/kinsing-exploiting-looney-tunables/