Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

Role-Based Access Control (RBAC) in Kubernetes (K8s) has been exploited in a large-scale attack effort to run cryptocurrency miners and build backdoors. In a post shared with The Hacker News, cloud security company Aqua said that the attackers also used DaemonSets to commandeer and commandeer resources from the K8s clusters they assault. According to the Israeli business that named the attack RBAC Buster, the threat actor behind this campaign has taken advantage of 60 vulnerable K8s clusters.

The attack chain started with the attacker obtaining initial access through an improperly configured API server, then the attacker examining the compromised server for signs of competing miner software, and finally using RBAC to create persistence.

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Kubernetes RBAC Exploited in Large-Scale Campaign for Cryptocurrency Mining

21-Apr-23

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address