
Foray into the cloud: Kinsing's new modus operandi

Advanced cyberattack strategies target cloud services through a critical vulnerability

The Kinsing hacker group attacks cloud systems using the Looney Tunables vulnerability to install crypto-mining software and steal credentials.


A new form of cyberattack has been observed in the cloud computing environment, where attackers from the group known as Kinsing, also known as Money Libra, exploit a vulnerability known as Looney Tunables (CVE-2023-4911). This hacker group, operational since 2021, is using this vulnerability to covertly install crypto-mining software in cloud-native environments, affecting platforms such as Kubernetes and other cloud services.

Combined exploitation of PHPUnit and Looney Tunables

The current technique employed by Kinsing is to first use a remote code execution vulnerability (CVE-2017-9841) present in PHPUnit to gain initial access to the system. Next, attackers use the Looney Tunables vulnerability to gain root privileges on the host Linux operating system. The alarm was raised by analysts at Aqua Security who noticed a deviation from Kinsing's usual pattern, observing manual tests rather than their usual automated attacks.
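A defender can look for this two-stage chain by correlating web logs with process telemetry. The sketch below is an added example, not code from the article or from Aqua Security. It assumes details the article does not state but which are public in the advisories: CVE-2017-9841 is reached through PHPUnit's `eval-stdin.php`, and CVE-2023-4911 is triggered through the `GLIBC_TUNABLES` environment variable. The log lines, the exec-event schema, and the `WEB_USERS` set are constructed for illustration.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import unquote

# Constructed sample data (not from the article). EXEC_EVENTS uses a
# hypothetical normalized schema for process-execution telemetry.
ACCESS_LOG = [
    '10.0.0.5 - - [07/Nov/2023:09:58:01 +0000] "GET /index.php HTTP/1.1" 200 512',
    '203.0.113.9 - - [07/Nov/2023:10:01:12 +0000] '
    '"POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 200 47',
]
EXEC_EVENTS = [
    {"time": "2023-11-07T10:04:40+00:00", "user": "www-data",
     "exe": "/usr/bin/su", "env": ["GLIBC_TUNABLES=constructed-value"]},
    {"time": "2023-11-07T12:00:00+00:00", "user": "deploy",
     "exe": "/usr/bin/python3", "env": ["PATH=/usr/bin"]},
]
WEB_USERS = {"www-data", "apache", "nginx"}  # assumed web service accounts
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def phpunit_hits(lines):
    """Requests reaching PHPUnit's eval-stdin.php (the CVE-2017-9841 file)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in common/combined log format
        ip, ts, method, path, status = m.groups()
        if re.search(r"/phpunit/.*eval-stdin\.php", unquote(path), re.I):
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            hits.append({"time": when, "src": ip, "method": method, "status": int(status)})
    return hits

def tunables_execs(events):
    """Execs by a web account with GLIBC_TUNABLES set (heuristic: rare in normal use)."""
    return [dict(e, time=datetime.fromisoformat(e["time"])) for e in events
            if e["user"] in WEB_USERS
            and any(v.startswith("GLIBC_TUNABLES=") for v in e["env"])]

def correlate(hits, execs, window=timedelta(minutes=30)):
    """Pair each web hit with suspicious execs that follow it within `window`."""
    return [(h, e) for h in hits for e in execs
            if timedelta(0) <= e["time"] - h["time"] <= window]

if __name__ == "__main__":
    for hit, ev in correlate(phpunit_hits(ACCESS_LOG), tunables_execs(EXEC_EVENTS)):
        print(f"ALERT {hit['src']} -> eval-stdin.php, then {ev['user']} ran {ev['exe']} with GLIBC_TUNABLES")
```

Either signal alone is worth triaging; the pairing is what matches the initial-access-then-root sequence described above.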

Intense manual activity and information search

After penetrating the systems, the attackers performed a series of manual operations such as gathering system information and user credentials. They also opened new interactive shell sessions and downloaded and executed scripts for managing webshells and running exploits, including the one for Looney Tunables. According to Assaf Morag, lead data analyst at Aqua Security, we are seeing an attempt by Kinsing to obtain details and credentials related to cloud service providers (CSPs).

Towards new threats in cloud computing

This new methodology adopted by Kinsing indicates a potential escalation in the group's behavior. The group previously focused on spreading malware and crypto-mining activities, while also seeking to eliminate the competition or act stealthily; it now shows an interest in deepening its access to cloud resources. This move suggests that they may be planning more varied and intense actions, thereby increasing the risk to systems and services operating in the cloud.


11/07/2023 10:59

Marco Verro
