- Researchers have detected a new malware that targets Kubernetes clusters.
- A successful attack can lead to complete hijacking of cluster resources for crypto mining and to denial of service.
- The malware shares similar traits with TeamTNT tools and domains.
Researchers at Palo Alto Networks Inc recently detected a new malware that seems to be targeting Kubernetes clusters. The malware, called Hildegard, seems to be exploiting a misconfiguration weakness in Kubernetes.
Once Hildegard gains access to the primary node, the malware spreads and attempts to cryptojack its target.
Cryptojacking occurs when an infected server is illegally exploited to mine for cryptocurrency. This can lead to an operation being completely drained of resources. In addition, every application in the cluster can be disrupted. This results in a complete resource hijacking and denial of service.
Jack Mannino, CEO of nVisium, an application security provider, said about the attack,
“Combined with weaknesses in access control and isolation, this is a good way to gain a foothold into a cluster and establish command control.”
The malware seems to be highly evolved and able to hide. Hildegard apparently can copy a Linux process name to hide its communications. It can also simultaneously attack the control server’s Internet Relay Chat (IRC).
The researchers also noted that the malware resembles a tool and domains used in the past TeamTNT attacks. However, Hildegard seems to be more evolved and a bit different.
Mannino also observed that “As more productions move to cloud-native, the complexity of securing clusters, software development pipelines and cloud architectures become incredibly difficult, as the attack surface significantly expands.”
TeamTNT attacked Docker application programming interfaces as well as Amazon Inc in January. Although researchers first detected Hildegard in January, it is yet to be determined if the malware is connected to TeamTNT.