Hackers Exploit OpenMetadata Flaws to Install Cryptocurrency Miners on Kubernetes
Cybersecurity researchers from the Microsoft Threat Intelligence team have reported a new campaign in which hackers exploit vulnerabilities in OpenMetadata workloads to install cryptocurrency miners on Kubernetes systems.
The campaign, which began in early April 2024, involves threat actors scanning the internet for OpenMetadata workloads that are susceptible to five specific flaws: CVE-2024-28847, CVE-2024-28848, CVE-2024-28253, CVE-2024-28254, and CVE-2024-28255. Once these flaws are exploited, the attackers gain access to the systems and proceed to install cryptocurrency miners on Kubernetes workloads.
OpenMetadata is a framework and standard for managing metadata in an open and interoperable manner across various platforms. The attackers are using a lightweight program called XMRig to mine the Monero cryptocurrency, known for its privacy features that make it attractive to cybercriminals.
Cryptocurrency mining involves using computer resources to generate digital currency, which can slow down the infected system and increase electricity bills for the victim. Despite the noticeable impact on system performance, the rise in cryptocurrency values has led to an increase in these types of attacks.
The researchers emphasize the importance of maintaining fully patched and compliant workloads in containerized environments to prevent such attacks. As the crypto bull run continues, businesses are advised to stay vigilant and secure their systems against potential threats.
This incident serves as a reminder of the ongoing cybersecurity challenges faced by organizations in the digital age. Stay informed and protected against emerging threats to safeguard your business operations.