• Latest
  • Trending
  • All
Criminals Exploit Kubernetes Role-Based Access Control For Crypto Mining Purposes – CryptoMode

Criminals Exploit Kubernetes Role-Based Access Control For Crypto Mining Purposes – CryptoMode

April 25, 2023
SEC’s climate disclosure rule proposal explained

SEC’s climate disclosure rule proposal explained

June 4, 2023
Bitcoin Ecosystem and its Global Network and Stakeholders

Bitcoin Ecosystem and its Global Network and Stakeholders

June 3, 2023
DigiToads Redefines The Memecoin Game, Outpacing Dogecoin In Popularity

DigiToads Redefines The Memecoin Game, Outpacing Dogecoin In Popularity

June 3, 2023
Ethereum Fees Plunge 69% Following A Yearly High In May, What This Means For ETH

Ethereum Fees Plunge 69% Following A Yearly High In May, What This Means For ETH

June 3, 2023
Litecoin (LTC) Halving Rally Looms: Popular Analyst’s Bold Outlook

Litecoin (LTC) Rockets Up 14% in a Week, 6.8% in 24 Hours: Santiment Reveals Key Factors

June 3, 2023
The Trending Coin in The Crypto Market

The Trending Coin in The Crypto Market

June 3, 2023
A Sneak Peek Into The Future

A Sneak Peek Into The Future

June 3, 2023
OpenAI CTO’s Twitter Account Hacked, Used to Promote Fake $OPENAI Crypto Airdrop

OpenAI CTO’s Twitter Account Hacked, Used to Promote Fake $OPENAI Crypto Airdrop

June 3, 2023
BIT Mining Dumps ETH After Merge, Seeking Greener Pastures

BIT Mining Dumps ETH After Merge, Seeking Greener Pastures

June 3, 2023
Dogecoin price up 4%, Conflux and Tradecurve set market leading returns

Dogecoin price up 4%, Conflux and Tradecurve set market leading returns

June 3, 2023
Announcing the Client Incentive Program

Announcing the Client Incentive Program

June 3, 2023
Binance Coin (BNB) introducing a New Gas Grant, Litecoin (LTC) Recording Impressive Milestones TMS Network (TMSN) Price Surges

Binance Coin (BNB) introducing a New Gas Grant, Litecoin (LTC) Recording Impressive Milestones TMS Network (TMSN) Price Surges

June 3, 2023
Sunday, June 4, 2023
DLT EMPIRE
  • Home
  • Bitcoin
  • Ethereum
  • Blockchain
  • Altcoin
  • Crypto Mining
  • Dogecoin
  • Litecoin
  • Market
No Result
View All Result
DLT EMPIRE
No Result
View All Result
Home Crypto Mining

Criminals Exploit Kubernetes Role-Based Access Control For Crypto Mining Purposes – CryptoMode

by Cuevas Antonio
April 25, 2023
in Crypto Mining
0
Criminals Exploit Kubernetes Role-Based Access Control For Crypto Mining Purposes – CryptoMode
491
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter


A recent large-scale attack campaign, nicknamed RBAC Buster, has been discovered exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and execute cryptocurrency mining operations. Israeli cloud security firm Aqua has shared its findings on this malicious activity after identifying 60 vulnerable K8s clusters targeted by the threat actors behind the campaign.

Gaining Initial Access through Misconfigured API Servers

The RBAC Buster attack chain begins with the threat actor obtaining initial access through a misconfigured API server. Once inside the compromised server, the attacker searches for competing miner malware before utilizing RBAC to establish persistence within the system.

Aqua’s report details the attacker’s steps: “The attacker created a new ClusterRole with near admin-level privileges. Next, the attacker created a ‘ServiceAccount,’ and ‘kube-controller’ in the ‘kube-system’ namespace. Lastly, the attacker created a ‘ClusterRoleBinding,’ binding the ClusterRole with the ServiceAccount to create a strong and inconspicuous persistence.”

In the cases observed against Aqua’s K8s honeypots, the attacker sought to exploit deliberately exposed AWS access keys to gain a stronger foothold in the environment, exfiltrate data, and break free from the cluster’s confines.

Deploying Cryptocurrency Miners through DaemonSets

The final phase of the RBAC Buster attack involves the threat actor creating a DaemonSet to deploy a container image hosted on Docker (“Kubernetes/kube-controller:1.0.1”) across all nodes. This container, downloaded 14,399 times since its upload five months ago, contains a cryptocurrency miner.

Aqua noted, “The container image named ‘Kubernetes/kube-controller’ is a case of typosquatting that impersonates the legitimate ‘Kubernetes’ account. Unfortunately, the image also mimics the popular ‘kube-controller-manager’ container image, a critical component of the control plane, running within a Pod on every master node, responsible for detecting and responding to node failures.”

Similarities to Another Cryptocurrency Mining Operation

Interestingly, some tactics used in the RBAC Buster campaign resemble those in another illegal cryptocurrency mining operation that leveraged DaemonSets to mine Dero and Monero. It remains uncertain whether these two sets of attacks are connected.

The attack has various stages, from gaining initial access through misconfigured API servers to deploying cryptocurrency miners through DaemonSets. It also highlights the similarities between this campaign and other illicit cryptocurrency mining operations.

None of the information on this website is investment or financial advice and does not necessarily reflect the views of CryptoMode or the author. CryptoMode is not responsible for any financial losses sustained by acting on information provided on this website by its authors or clients. Always conduct your research before making financial commitments, especially with third-party reviews, presales, and other opportunities.



Source link

Tags: AccessControlCriminalsCryptoCryptoModeExploitKubernetesMiningPurposesRoleBased
Share196Tweet123Share49
Cuevas Antonio

Cuevas Antonio

  • Trending
  • Comments
  • Latest
Rise of AI-Powered Cheating: Challenges and Solutions for Educators

Rise of AI-Powered Cheating: Challenges and Solutions for Educators

March 20, 2023
Former FTX US President Reportedly Quit After ‘Protracted Disagreement’ With Bankman-Fried

Former FTX US President Reportedly Quit After ‘Protracted Disagreement’ With Bankman-Fried

April 10, 2023
What is Cloud Mining and How Does it Work?

What is Cloud Mining and How Does it Work?

April 10, 2023
Silicon Valley Bank: Bitcoin investors in panic as market goes sideways

Silicon Valley Bank: Bitcoin investors in panic as market goes sideways

0
24 Crypto Terms You Should Know

24 Crypto Terms You Should Know

0
Bitcoin, Ethereum, Dogecoin Rally As Team Biden Cushions SVB Blow

Bitcoin, Ethereum, Dogecoin Rally As Team Biden Cushions SVB Blow

0
SEC’s climate disclosure rule proposal explained

SEC’s climate disclosure rule proposal explained

June 4, 2023
Bitcoin Ecosystem and its Global Network and Stakeholders

Bitcoin Ecosystem and its Global Network and Stakeholders

June 3, 2023
DigiToads Redefines The Memecoin Game, Outpacing Dogecoin In Popularity

DigiToads Redefines The Memecoin Game, Outpacing Dogecoin In Popularity

June 3, 2023

Recent News

SEC’s climate disclosure rule proposal explained

SEC’s climate disclosure rule proposal explained

June 4, 2023
Bitcoin Ecosystem and its Global Network and Stakeholders

Bitcoin Ecosystem and its Global Network and Stakeholders

June 3, 2023
DigiToads Redefines The Memecoin Game, Outpacing Dogecoin In Popularity

DigiToads Redefines The Memecoin Game, Outpacing Dogecoin In Popularity

June 3, 2023

Categories

  • Altcoin
  • Altcoin News
  • Altcoins
  • Artificial Intelligence
  • Bitcoin
  • Blockchain
  • Business
  • Crypto Mining
  • Cryptocurrencies
  • Culture
  • Dogecoin
  • Economy
  • Education
  • Ethereum
  • Featured
  • Governance
  • Litecoin
  • Market
  • News
  • Uncategorized

Converter

Cryptocurrency Prices by Coinlib

© 2023 Dlt Empire | All Rights Reserved

No Result
View All Result
  • Home
  • Bitcoin
  • Ethereum
  • Blockchain
  • Altcoin
  • Crypto Mining
  • Dogecoin
  • Litecoin
  • Market

© 2023 Dlt Empire | All Rights Reserved