Attackers exploiting new critical vulnerabilities on Kubernetes clusters
May 21, 2024, 11:37 a.m.
Description
Microsoft security researchers have uncovered an attack campaign that exploits recently disclosed critical vulnerabilities in the OpenMetadata platform to gain unauthorized access to Kubernetes clusters, followed by reconnaissance and the deployment of crypto-mining malware. The vulnerabilities affect versions before 1.3.1 and allow attackers to bypass authentication and achieve remote code execution. After gaining initial access, the attackers attempt to gather information about the compromised environment, establish command-and-control, and deploy malicious payloads for cryptocurrency mining. Administrators are advised to update OpenMetadata to the latest patched version and to use security solutions such as Microsoft Defender for Cloud to detect and mitigate such threats.
Date
Published: May 21, 2024, 11:20 a.m.
Created: May 21, 2024, 11:20 a.m.
Modified: May 21, 2024, 11:37 a.m.
Indicators
Attack Patterns
T1216
T1609
T1086
T1588
T1135
T1064
T1070
T1574
T1083
T1056
T1190
T1059