Scammers use Kubernetes for crypto mining
According to Bitcoin.com, a group of attackers has exploited vulnerabilities in Argo Workflows to abuse Kubernetes and use the cloud computing system for mining Monero (XMR).
Kubernetes suffers crypto mining attack
Attackers have reportedly exploited a vulnerability in the Argo Workflows permissions system, one of the most used Kubernetes execution engines, to swap the platform workflows with their own and thus utilise any computers connected to Argo Workflows to mine Monero.
Kubernetes is an open-source container orchestration engine for automating deployment, scaling, and management of containerized applications in a cluster environment.
Argo Workflows is an open-source container-native workflow engine for orchestrating parallel jobs in Kubernetes.
According to a report by cybersecurity company Intezer, they have already identified the infected nodes and determined all exploitable vulnerabilities that would facilitate such an attack. According to the company, the unprotected nodes allow any user to ping them and insert their own workflows into the system. This means anyone with due skill could deploy the software’s resources to perform any task, including mining digital assets.
Since there are more than 45 containers that can easily be used to mine Monero via Kubernetes, security experts are anticipating an avalanche of attacks targeting this vulnerability.
Similar attacks were previously reported by Microsoft. They also targeted Kubernetes clusters with Kubeflow machine learning (ML) instances. The vulnerability has been used to mine Monero and Ethereum (ETH).
A popular container-orchestration engine Kubernetes has fallen victim to another crypto mining attack. The scammers managed to exploit a vulnerability in the system of permissions of Argo Workflows machines connected to the internet. Kubernetes has become a common target for cyberattacks as part of cryptojacking and other malware activities, and the recent hacks only serve to confirm this trend.
Belgium native who has a passion for writing. Since 2015 I have understood that the blockchain will radically change our lives, and I absolutely want to share my findings with you!