Scammers use Kubernetes for crypto mining

According to Bitcoin.com, a group of attackers has exploited vulnerabilities in Argo Workflows to abuse Kubernetes and use the cloud computing system for mining Monero (XMR).

Kubernetes suffers crypto mining attack

Attackers have reportedly exploited a vulnerability in the Argo Workflows permissions system, one of the most used Kubernetes execution engines, to swap the platform workflows with their own and thus utilise any computers connected to Argo Workflows to mine Monero.

Kubernetes is an open-source container orchestration engine for automating deployment, scaling, and management of containerized applications in a cluster environment.

Argo Workflows is an open-source container-native workflow engine for orchestrating parallel jobs in Kubernetes.

According to a report by cybersecurity company Intezer, they have already identified the infected nodes and determined all exploitable vulnerabilities that would facilitate such an attack. According to the company, the unprotected nodes allow any user to ping them and insert their own workflows into the system. This means anyone with due skill could deploy the software’s resources to perform any task, including mining digital assets.

Since there are more than 45 containers that can easily be used to mine Monero via Kubernetes, security experts are anticipating an avalanche of attacks targeting this vulnerability.

Similar attacks were previously reported by Microsoft. They also targeted Kubernetes clusters with Kubeflow machine learning (ML) instances. The vulnerability has been used to mine Monero and Ethereum (ETH).

A popular container-orchestration engine Kubernetes has fallen victim to another crypto mining attack. The scammers managed to exploit a vulnerability in the system of permissions of Argo Workflows machines connected to the internet. Kubernetes has become a common target for cyberattacks as part of cryptojacking and other malware activities, and the recent hacks only serve to confirm this trend.

Plus d’actions
Partagez

( Rédacteur & Trader )

Belgium native who has a passion for writing. Since 2015 I have understood that the blockchain will radically change our lives, and I absolutely want to share my findings with you!

DISCLAIMER
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.
Back To Top

Newsletter

Get the best and most up-to-date crypto news straight to your inbox

Newsletter subscription

Archives

Read the latest newsletters
Click here

Free coaching

Free coaching/ Receive a free hour of coaching with an expert/ Fill in this form and our expert will contact you within 48 hours./Log into your coaching portal

© Copyright Cointribune - tous droits réservés

Agence Tempo