March 2, 2023 | Rabbi Lakshmanan | Container Security / Cyber Threat

A sophisticated attack campaign called scarlet is targeting containerized environments to carry out theft of proprietary data and software.

“Attackers exploited containerized workloads and used them to perform privilege escalation to AWS accounts and steal their own software and credentials,” Sysdig said in a new report.

The advanced cloud attack also involved the deployment of cryptocurrency miner software, which, according to the cybersecurity firm, is either an attempt to generate illicit profits or a ploy to distract defenders and throw them off track.

The initial infection vector was the exploitation of a vulnerable service exposed on a self-managed Kubernetes cluster hosted on Amazon Web Services (AWS).

After gaining a foothold, the attackers launched the XMRig crypto miner and used a bash script to obtain credentials. These credentials could be used to further infiltrate the AWS cloud infrastructure and exfiltrate sensitive data.

“Either cryptocurrency mining was the attacker’s initial goal and that goal changed after gaining access to the victim’s environment, or cryptocurrency mining was used as a decoy to evade data exfiltration detection,” the company said.

The intrusion also notably disabled CloudTrail logs to minimize its digital footprint, which kept Sysdig from accessing additional evidence. Overall, the attackers had access to over 1 TB of data, including customer scripts, troubleshooting tools, and log files.
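Because disabled CloudTrail logging was what cost the investigators evidence, a defender would want an alert on any call that stops or narrows a trail. The sketch below is an added example, not code from Sysdig or from this article: the article does not say which API call was used, so the script checks the CloudTrail management calls that can stop or reduce logging, and the sample records (account ID, role name, instance ID, IPs) are constructed.

```python
# CloudTrail management calls that can stop or narrow trail logging.
TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def find_trail_tampering(records):
    """Return one finding per CloudTrail record that touches trail logging."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "cloudtrail.amazonaws.com":
            continue
        if rec.get("eventName") not in TAMPER_EVENTS:
            continue
        arn = rec.get("userIdentity", {}).get("arn", "")
        # EC2 instance-role sessions are named after the instance ID, so a
        # session name starting with "i-" means workload credentials were used.
        session = arn.rsplit("/", 1)[-1] if ":assumed-role/" in arn else ""
        findings.append({
            "time": rec.get("eventTime"),
            "event": rec["eventName"],
            "actor": arn,
            "source_ip": rec.get("sourceIPAddress"),
            # Denied attempts are reported too: they show intent.
            "outcome": "denied" if rec.get("errorCode") else "succeeded",
            "severity": "high" if session.startswith("i-") else "medium",
        })
    return findings


# Constructed sample records: placeholder account ID, documentation IP ranges.
NODE_ARN = "arn:aws:sts::111122223333:assumed-role/node-role/i-0abc1234def567890"
SAMPLE_RECORDS = [
    {"eventTime": "2023-02-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": NODE_ARN}},
    {"eventTime": "2023-02-01T10:05:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "StopLogging", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": NODE_ARN}},
    {"eventTime": "2023-02-01T10:06:00Z", "eventSource": "cloudtrail.amazonaws.com",
     "eventName": "DeleteTrail", "sourceIPAddress": "203.0.113.9",
     "errorCode": "AccessDenied",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops-admin"}},
]

if __name__ == "__main__":
    for finding in find_trail_tampering(SAMPLE_RECORDS):
        print(finding)
```

The check is only useful when it runs on a copy of the events that the compromised account cannot modify, such as a trail delivered to a separate log-archive account.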

“They also used Terraform state files to pivot to other connected AWS accounts to try to reach across the organization,” the company said. However, this turned out to be unsuccessful due to lack of permissions.

The findings come weeks after Sysdig detailed another cryptojacking campaign, staged by the 8220 gang from November 2022 to January 2023, that targeted exploitable Apache web servers and Oracle WebLogic applications.
