Microsoft says cryptomining attacks are targeting Kubernetes

Ongoing campaign exploits a misconfigured framework

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityexperts atMicrosofthave shared details about a new campaign that is attacking Kubeflow workloads to deploy malicious pods inKubernetesclusters that are then used for miningcryptocurrency.

Kubeflow is a popularopen sourceframework that’s used for running machine learning (ML) tasks in Kubernetes.

In ablog post, Yossi Weizman, Senior Security Research Engineer, Cloud Security Research, from Microsoft’s Israel Development Center, explains that they spotted the campaign late in May intrigued by a spike in deployments of TensorFlow pods in various Kubernetes clusters.

“The pods ran legitimate TensorFlow images, from the officialDocker Hubaccount. Looking at the entrypoint of the pods, revealed that they aim to mine cryptocurrency,” writes Weizman.

Popular targets

In his analysis of the campaign, Weizman explains that the threat actors deployed the malicious clusters simultaneously, which tells him that the attackers had chalked up the list of potential targets in advance.

He further notes that the threat actors used Internet-exposed Kubeflow dashboards for their cryptomining tasks, which asBleeping Computerexplains should have restricted themselves to local access.

Inside the clusters, the threat actors deployed at least two separate pods, one running XMRig to mine for Monero using the CPU, and the other running Ethminer for miningEthereumon the GPU.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Interestingly, this isn’t the first time malicious users have tried to exploit Kubeflow to repurpose the containers for mining cryptocurrency. Weizman’s team alsounearthed a similar operationin June 2020. In last year’s campaign, the attackers abused exposed Kubeflow dashboards to deploy malicious containers via Jupyter notebooks.

ViaBleeping Computer

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)