Cybersecurity specialists at Microsoft have shared details about a new campaign that is attacking Kubeflow workloads to deploy malicious pods in Kubernetes clusters, which are then used for mining cryptocurrency.
In a blog post, Yossi Weizman, Senior Security Research Engineer, Cloud Security Research, from Microsoft's Israel Development Center, explains that they noticed the campaign in late May, after a spike in deployments of TensorFlow pods on various Kubernetes clusters caught their attention.
“The pods ran legitimate TensorFlow images, from the official Docker Hub account. Looking at the entrypoint of the pods revealed that they aim to mine cryptocurrency,” writes Weizman.
In his analysis of the campaign, Weizman explains that the threat actors deployed the malicious clusters concurrently, which tells him that the attackers had drawn up the list of potential targets in advance.
He further notes that the threat actors used Internet-exposed Kubeflow dashboards for their cryptomining tasks; as Bleeping Computer explains, these dashboards should have been restricted to local access.
Inside the clusters, the threat actors deployed at least two separate pods, one running XMRig to mine Monero using the CPU, and the other running Ethminer to mine Ethereum on the GPU.
Interestingly, this isn't the first time malicious users have tried to exploit Kubeflow to repurpose the containers for mining cryptocurrency. Weizman's team also unearthed a similar operation in June 2020. In last year's campaign, the attackers abused exposed Kubeflow dashboards to deploy malicious containers via Jupyter notebooks.
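Because the pods described above ran legitimate TensorFlow images, an image allowlist does not catch them; the entrypoint has to be inspected. The following is an added example, not code from Microsoft's post: it scans the parsed output of `kubectl get pods -A -o json` for containers whose command or args reference the miners named in the article. The sample pods, the `kubeflow` namespace, the helper names and the `stratum` pattern are assumptions made for illustration.

```python
import re

# xmrig and ethminer are the miners named in the article; the stratum
# scheme is an added assumption (a common mining-pool URL prefix).
MINER_PATTERN = re.compile(r"xmrig|ethminer|stratum\+(?:tcp|ssl)://", re.I)


def find_mining_pods(pod_list):
    """Flag containers whose command/args reference a miner.

    pod_list: parsed output of `kubectl get pods -A -o json`.
    The image is reported but never used to clear a pod, because the
    pods in this campaign ran legitimate TensorFlow images.
    """
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
        for c in containers:
            cmdline = " ".join((c.get("command") or []) + (c.get("args") or []))
            hit = MINER_PATTERN.search(cmdline)
            if hit:
                limits = (c.get("resources") or {}).get("limits") or {}
                findings.append({
                    "namespace": meta.get("namespace"),
                    "pod": meta.get("name"),
                    "image": c.get("image"),
                    "indicator": hit.group(0).lower(),
                    "gpu": "nvidia.com/gpu" in limits,
                })
    return findings


def _pod(name, image, command, limits=None):
    # Helper that builds a constructed pod object for the sample below.
    container = {"name": "main", "image": image, "command": command,
                 "resources": {"limits": limits or {}}}
    return {"metadata": {"name": name, "namespace": "kubeflow"},
            "spec": {"containers": [container]}}


# Constructed sample, not data from the campaign.
SAMPLE = {"items": [
    _pod("train-job", "tensorflow/tensorflow:latest", ["python", "train.py"]),
    _pod("tf-cpu", "tensorflow/tensorflow:latest", ["sh", "-c", "./xmrig"]),
    _pod("tf-gpu", "tensorflow/tensorflow:latest-gpu", ["sh", "-c", "./ethminer"],
         {"nvidia.com/gpu": "1"}),
]}
```

A match on command-line strings is a triage signal only; a renamed binary will not match, so pair it with review of who created the pod and whether the Kubeflow dashboard is reachable from the Internet.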
Via Bleeping Computer