Cloud Security

Microsoft warns of attacks on Kubeflow-running Kubernetes clusters

June 10, 2021
Security researchers at Microsoft have raised the alarm on an ongoing attack in which threat actors deploy malicious TensorFlow pods into Kubernetes clusters that run Kubeflow instances in order to mine cryptocurrency on their targets' resources, according to Threatpost. Because the attack is still ongoing, any new Kubernetes cluster running Kubeflow may already have been compromised, the company warns.

According to the researchers, the attacks involve pods that run legitimate TensorFlow images in order to evade detection. They also note the simultaneous deployment of these malicious TensorFlow images, which hints that the threat actors had scanned the clusters earlier to identify potential targets and later launched their attack on the targets at the same time.
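
A defender can look for the pattern described above (pods running TensorFlow images that appear at nearly the same time) in a cluster's pod inventory. The following is an added example, not code from Microsoft or SC Media; the pod names, timestamps, the substring match on `tensorflow`, and the 5-minute/3-pod thresholds are assumptions chosen for illustration.

```python
import json
from datetime import datetime, timedelta

def _pod(ns, name, image, created):  # builds one constructed sample entry
    return {"metadata": {"namespace": ns, "name": name, "creationTimestamp": created},
            "spec": {"containers": [{"name": "main", "image": image}]}}

# Constructed sample shaped like the output of `kubectl get pods -A -o json`.
SAMPLE = json.dumps({"items": [
    _pod("kubeflow", "notebook-a", "tensorflow/tensorflow:latest", "2021-05-20T09:15:00Z"),
    _pod("kubeflow", "job-a", "tensorflow/tensorflow:latest", "2021-06-01T02:00:05Z"),
    _pod("default", "web-1", "nginx:1.21", "2021-06-01T02:00:06Z"),
    _pod("kubeflow", "job-b", "tensorflow/tensorflow:latest", "2021-06-01T02:00:07Z"),
    _pod("kubeflow", "job-c", "tensorflow/tensorflow:latest", "2021-06-01T02:00:09Z"),
]})

def tensorflow_pods(pod_list):
    """Return sorted (created, 'namespace/name', image) for pods using a TensorFlow image."""
    hits = []
    for pod in pod_list.get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        containers = spec.get("containers", []) + spec.get("initContainers", [])
        for c in containers:
            if "tensorflow" in c["image"].lower():  # assumption: match on image name
                created = datetime.strptime(meta["creationTimestamp"], "%Y-%m-%dT%H:%M:%SZ")
                hits.append((created, f'{meta["namespace"]}/{meta["name"]}', c["image"]))
                break
    return sorted(hits)

def bursts(hits, window=timedelta(minutes=5), min_pods=3):
    """Group pods created within `window` of the first pod in the group."""
    groups, current = [], []
    for hit in hits:
        if current and hit[0] - current[0][0] > window:
            if len(current) >= min_pods:
                groups.append(current)
            current = []
        current.append(hit)
    if len(current) >= min_pods:
        groups.append(current)
    return groups

def find_bursts(pod_json):
    """Parse a PodList JSON document and return the pod names in each burst."""
    return [[name for _, name, _ in g] for g in bursts(tensorflow_pods(json.loads(pod_json)))]

if __name__ == "__main__":
    for group in find_bursts(SAMPLE):
        print("TensorFlow pods created together:", ", ".join(group))
```

A burst is a lead for triage rather than proof of compromise, since scheduled training jobs can also start several TensorFlow pods at once; compare the flagged pods against the pipelines the team actually launched.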

A similar attack was reported in June last year, which also targeted Kubeflow workloads and exploited misconfigured dashboards to initiate a massive XMRIG Monero-mining campaign. This version has been modified to exploit access to the Kubeflow centralized dashboard so that the attackers can create a new pipeline. Once the attackers have access to the pipeline’s user interface, they are able to create a new cluster, which would be composed of containers running TensorFlow images that enable cryptocurrency mining.
Jill Aitoro

SC Media Editor in Chief Jill Aitoro has 20 years of experience editing and reporting on technology, business and policy. She also serves as editorial director at SC Media’s parent company, CyberRisk Alliance. Prior to joining CRA, she worked at Sightline Media as editor of Defense News and executive editor of the Business-to-Government Group. She previously worked at Washington Business Journal and Nextgov, covering federal technology, contracting and policy, as well as CMP Media’s VARBusiness and CRN and Penton Media’s iSeries News.
