Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining


Role-Based Access Control (RBAC) in Kubernetes (K8s) has been exploited in a large-scale attack effort to run cryptocurrency miners and build backdoors. In a post shared with The Hacker News, cloud security company Aqua said that the attackers also used DaemonSets to commandeer and commandeer resources from the K8s clusters they assault. According to the Israeli business that named the attack RBAC Buster, the threat actor behind this campaign has taken advantage of 60 vulnerable K8s clusters.

The attack chain started with the attacker obtaining initial access through an improperly configured API server, then the attacker examining the compromised server for signs of competing miner software, and finally using RBAC to create persistence.

Read More…