Microsoft says cryptomining attacks are targeting Kubernetes

(Image credit: Yevhen Vitte / Shutterstock)
Audio player loading…

Cybersecurity (opens in new tab) experts at Microsoft have shared details about a new campaign that is attacking Kubeflow workloads to deploy malicious pods in Kubernetes (opens in new tab) clusters that are then used for mining cryptocurrency (opens in new tab).

Kubeflow is a popular open source (opens in new tab) framework that’s used for running machine learning (ML (opens in new tab)) tasks in Kubernetes.

In a blog post (opens in new tab), Yossi Weizman, Senior Security Research Engineer, Cloud Security Research, from Microsoft’s Israel Development Center, explains that they spotted the campaign late in May intrigued by a spike in deployments of TensorFlow pods in various Kubernetes clusters.

“The pods ran legitimate TensorFlow images, from the official Docker Hub (opens in new tab) account. Looking at the entrypoint of the pods, revealed that they aim to mine cryptocurrency,” writes Weizman.

In his analysis of the campaign, Weizman explains that the threat actors deployed the malicious clusters simultaneously, which tells him that the attackers had chalked up the list of potential targets in advance.

He further notes that the threat actors used Internet-exposed Kubeflow dashboards for their cryptomining tasks, which as Bleeping Computer explains should have restricted themselves to local access.

Inside the clusters, the threat actors deployed at least two separate pods, one running XMRig to mine for Monero using the CPU, and the other running Ethminer for mining Ethereum (opens in new tab) on the GPU.

Interestingly, this isn’t the first time malicious users have tried to exploit Kubeflow to repurpose the containers for mining cryptocurrency. Weizman’s team also unearthed a similar operation (opens in new tab) in June 2020. In last year’s campaign, the attackers abused exposed Kubeflow dashboards to deploy malicious containers via Jupyter notebooks.

Via Bleeping Computer (opens in new tab)

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.