Inaugural Attacks Exploit Kubernetes RBAC to Deploy Backdoor

25 April 2023
Cloud security firm Aqua uncovered a massive crypto-mining campaign that creates backdoors and runs miners using Kubernetes (K8s) Role-Based Access Control (RBAC). In this attack, threat actors also check for the presence of other miner malware on the server and then establish persistence using the RBAC. Additionally, they deploy DaemonSets to access resources of the K8s clusters.