A new criminal campaign is targeting Kubernetes clusters on Microsoft Azure to turn misconfigured Kubeflow workloads into cryptominers.
Kubeflow is an open source project that started as a toolkit for learning TensorFlow in Kubernetes and has since become a common framework for running machine learning applications in containers. Microsoft researchers found a suspicious image from a public repository being deployed on Azure Kubernetes clusters. The image resulted in a cryptominer named XMRig being run in the containers.
Because of Kubeflow's nature, it provides an excellent backdoor for attackers looking to gain access to Kubernetes containers within a cluster. The researchers recommend that all Kubernetes cluster owners check that no Kubeflow dashboard is exposed to the Internet and that no container named "ddsfdfsaadfs" is running within their clusters. More broadly, owners should run only trusted images and should monitor the containers based on them for activity.
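The two checks recommended above can be scripted against saved `kubectl get pods -A -o json` and `kubectl get svc -A -o json` output. The following Python is an added example, not code from the researchers or this article; the namespaces `kubeflow` and `istio-system` and the sample data are assumptions to adjust for your own install.

```python
import json

SUSPECT = "ddsfdfsaadfs"  # container name given in the article
# Assumption: namespaces where a Kubeflow install usually puts its dashboard/gateway.
DASHBOARD_NAMESPACES = {"kubeflow", "istio-system"}
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}  # Service types reachable from outside the cluster

def suspect_containers(pod_list):
    """Containers whose name or image contains the suspect string."""
    hits = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        for c in spec.get("containers", []) + spec.get("initContainers", []):
            if SUSPECT in c.get("name", "").lower() or SUSPECT in c.get("image", "").lower():
                hits.append((meta.get("namespace"), meta.get("name"), c.get("name"), c.get("image")))
    return hits

def exposed_services(svc_list):
    """Services in the dashboard namespaces that are published outside the cluster."""
    hits = []
    for svc in svc_list.get("items", []):
        meta = svc.get("metadata", {})
        svc_type = svc.get("spec", {}).get("type", "ClusterIP")
        if meta.get("namespace") in DASHBOARD_NAMESPACES and svc_type in EXTERNAL_TYPES:
            hits.append((meta.get("namespace"), meta.get("name"), svc_type))
    return hits

# Constructed sample input, shaped like `kubectl get pods -A -o json` / `kubectl get svc -A -o json`.
SAMPLE_PODS = json.loads("""{"items": [
 {"metadata": {"namespace": "kubeflow", "name": "centraldashboard-abc"},
  "spec": {"containers": [{"name": "centraldashboard", "image": "registry.example/dashboard:1.0"}]}},
 {"metadata": {"namespace": "kubeflow", "name": "pipeline-xyz"},
  "spec": {"containers": [{"name": "main", "image": "ddsfdfsaadfs/constructed-example:latest"}]}}
]}""")
SAMPLE_SVCS = json.loads("""{"items": [
 {"metadata": {"namespace": "istio-system", "name": "istio-ingressgateway"}, "spec": {"type": "LoadBalancer"}},
 {"metadata": {"namespace": "kubeflow", "name": "ml-pipeline"}, "spec": {"type": "ClusterIP"}}
]}""")

if __name__ == "__main__":
    for hit in suspect_containers(SAMPLE_PODS):
        print("suspect container:", hit)
    for hit in exposed_services(SAMPLE_SVCS):
        print("externally exposed service:", hit)
```

A flagged service is only a candidate for review: a `LoadBalancer` or `NodePort` service may still be restricted by network rules that this output does not show.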
