
Foray into the cloud: Kinsing's new modus operandi

Advanced cyberattack strategies target cloud services through a critical vulnerability

The Kinsing hacker group attacks cloud systems using the Looney Tunables vulnerability to install crypto-mining software and steal credentials.


A new form of cyberattack has been observed in cloud computing environments: attackers from the Kinsing group, also known as Money Libra, are exploiting the vulnerability called Looney Tunables (CVE-2023-4911). This hacker group, operational since 2021, is using the vulnerability to covertly install crypto-mining software in cloud-native environments, affecting platforms such as Kubernetes and other cloud services.

Combined exploitation of PHPUnit and Looney Tunables

Kinsing's current technique is to first use a remote code execution vulnerability in PHPUnit (CVE-2017-9841) to gain initial access to the system. Next, the attackers use the Looney Tunables vulnerability to gain root privileges on the host Linux operating system. The alarm was raised by analysts at Aqua Security, who noticed a deviation from Kinsing's usual pattern: manual tests rather than the group's usual automated attacks.
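A defender can look for the first stage of this chain in web server access logs. The following is an added example, not code from the article or from Aqua Security: the script path comes from the public CVE-2017-9841 description rather than from this page, the log lines are constructed, and `find_phpunit_probes` is a hypothetical helper name.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format); not taken from the article.
SAMPLE_LOG = """\
203.0.113.7 - - [07/Nov/2023:10:01:12 +0000] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 31 "-" "curl/8.1"
203.0.113.7 - - [07/Nov/2023:10:01:15 +0000] "POST /lib/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 153 "-" "curl/8.1"
198.51.100.9 - - [07/Nov/2023:10:02:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [07/Nov/2023:10:03:02 +0000] "GET /VENDOR/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 0 "-" "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Script named in the public CVE-2017-9841 description, under any install prefix.
PROBE_RE = re.compile(r"/phpunit/.*eval-stdin\.php", re.IGNORECASE)


def find_phpunit_probes(log_text):
    """Return one finding per request that targets PHPUnit's eval-stdin.php."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        path = unquote(m["path"]).split("?", 1)[0]  # decode %xx, drop query string
        if not PROBE_RE.search(path):
            continue
        status = int(m["status"])
        # A POST answered with 2xx means the script is reachable and took a
        # request body: treat as possible initial access. Anything else is a probe.
        hit = m["method"] == "POST" and 200 <= status < 300
        findings.append({
            "ip": m["ip"], "time": m["ts"], "path": path, "status": status,
            "severity": "investigate" if hit else "probe",
        })
    return findings


if __name__ == "__main__":
    for f in find_phpunit_probes(SAMPLE_LOG):
        print(f"{f['severity']:<12}{f['ip']:<16}{f['status']} {f['path']}")
```

An `investigate` finding is the cue to check the host for the follow-on activity the article describes, such as new interactive shell sessions and downloaded scripts.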

Intense manual activity and information search

After penetrating the systems, the attackers performed a series of manual operations, such as gathering system information and user credentials. They also opened new interactive shell sessions and downloaded and executed scripts for managing webshells and running exploits, including the one for Looney Tunables. According to Assaf Morag, lead data analyst at Aqua Security, we are seeing an attempt by Kinsing to obtain details and credentials related to cloud service providers (CSPs).

Towards new threats in cloud computing

This new methodology indicates a potential escalation in the group's behavior. Kinsing previously focused on spreading malware and crypto-mining, while also seeking to eliminate the competition or act stealthily; it now shows an interest in deepening its access to cloud resources. This move suggests that the group may be planning more varied and intense actions, thereby increasing the risk to systems and services operating in the cloud.


11/07/2023 10:59

Marco Verro
