Microsoft Warns of Exploitation of OpenMetadata Vulnerabilities in Kubernetes Environments for Cryptocurrency Mining
Crooks are taking advantage of month-old OpenMetadata vulnerabilities in Kubernetes environments to mine cryptocurrency on victims' resources, Microsoft reports. OpenMetadata is an open-source metadata management platform used for data discovery, lineage, quality checks and governance, and it exposes an HTTP API and web UI that, in many deployments, ends up reachable from the internet.
In March, the OpenMetadata maintainers disclosed and fixed five vulnerabilities affecting versions prior to 1.3.1. Chained together, they let an unauthenticated attacker bypass authentication and achieve remote code execution (RCE) on the OpenMetadata server. Since the beginning of April, cybercriminals have been exploiting unpatched, internet-exposed installations.
The flaws in play are an improper-authentication bug (CVE-2024-28255, rated critical) that lets requests reach protected API endpoints without valid credentials, three code-injection bugs leading to RCE (CVE-2024-28847, CVE-2024-28253, CVE-2024-28848), and an OS command injection flaw (CVE-2024-28254). Attackers scan for Kubernetes-hosted OpenMetadata deployments exposed online, exploit the authentication bypass and one of the injection bugs to run commands inside the container, and then fingerprint the victim: network configuration, hardware, OS version and active users.
Having confirmed the foothold, the cybercriminals download crypto-mining malware from a remote server in China and open a reverse shell with Netcat so they keep access to the container even if the original exploit path is closed. Microsoft advises administrators to run up-to-date OpenMetadata workload images (1.3.1 or later), to require strong authentication, and never to leave default credentials in place on an OpenMetadata instance that is reachable from the internet. Because the exploited chain starts with an authentication bypass, the image version is the control that matters most: strong passwords do nothing against a request that never hits the login check.
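The first of Microsoft's recommendations, checking that every OpenMetadata image in the cluster is at least 1.3.1, is easy to automate from the output of `kubectl get pods -A -o json`. The script below is an added example written for this article; it is not Microsoft's or the OpenMetadata project's code. The pod list embedded in it is constructed for the demonstration, and the `docker.getcollate.io/openmetadata/...` image names are an assumption about how the Helm chart names its images. Tags that are not a plain release version (digest pins, `latest`, pre-release suffixes) are reported as "unknown" rather than silently treated as safe, since a digest-pinned image can be older than 1.3.1 too.

```python
"""Flag OpenMetadata container images older than the 1.3.1 fix release.

Added example for this article, not Microsoft's or OpenMetadata's own code.
Usage against a live cluster:  kubectl get pods -A -o json | python audit.py
"""
import json
import re
import sys
from typing import Optional, Tuple

# Release that closed the five CVEs discussed in the article.
FIXED_VERSION = (1, 3, 1)

# Constructed sample in the shape `kubectl get pods -A -o json` returns.
# Image repository names are an assumption, modelled on the Helm chart.
SAMPLE_POD_LIST = json.dumps({
    "items": [
        {"metadata": {"namespace": "data", "name": "openmetadata-server-0"},
         "spec": {"containers": [
             {"name": "openmetadata",
              "image": "docker.getcollate.io/openmetadata/server:1.2.3"}]}},
        {"metadata": {"namespace": "data", "name": "openmetadata-ingestion-0"},
         "spec": {"containers": [
             {"name": "ingestion",
              "image": "docker.getcollate.io/openmetadata/ingestion:1.3.1"}]}},
        {"metadata": {"namespace": "data", "name": "openmetadata-server-1"},
         "spec": {"containers": [
             {"name": "openmetadata",
              "image": "docker.getcollate.io/openmetadata/server@sha256:0123abcd"}]}},
        {"metadata": {"namespace": "kube-system", "name": "coredns-7db6d"},
         "spec": {"containers": [
             {"name": "coredns",
              "image": "registry.k8s.io/coredns/coredns:v1.11.1"}]}},
    ]
})


def parse_version(tag: str) -> Optional[Tuple[int, int, int]]:
    """Return (major, minor, patch) for a release tag such as '1.3.1' or 'v1.3.1'.

    Anything else, including pre-release tags like '1.3.1-rc1', yields None so
    the caller reports it for manual verification instead of guessing.
    """
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)(-.*)?", tag)
    if not m or m.group(4):
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3))


def split_image(image: str) -> Tuple[str, Optional[str]]:
    """Split 'repo:tag' into (repo, tag); digest pins and untagged refs give tag=None.

    A ':' that belongs to a registry port (host:5000/repo) is not a tag, which
    the '/'-in-suffix check below guards against.
    """
    if "@" in image:
        return image.split("@", 1)[0], None
    repo, sep, tag = image.rpartition(":")
    if sep and "/" not in tag:
        return repo, tag
    return image, None


def audit_pods(pod_list_json: str, fixed=FIXED_VERSION):
    """Classify every OpenMetadata container as vulnerable / patched / unknown."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        ns, name = pod["metadata"]["namespace"], pod["metadata"]["name"]
        for c in pod["spec"].get("containers", []):
            repo, tag = split_image(c["image"])
            if "openmetadata" not in repo.lower():
                continue  # only OpenMetadata images are in scope
            ver = parse_version(tag) if tag else None
            if ver is None:
                status = "unknown"
            elif ver < fixed:
                status = "vulnerable"
            else:
                status = "patched"
            findings.append({"pod": f"{ns}/{name}", "image": c["image"], "status": status})
    return findings


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_POD_LIST
    for f in audit_pods(data):
        print(f"{f['status']:<10} {f['pod']:<35} {f['image']}")
```

Run with no stdin to see the constructed sample; pipe the real `kubectl` output in to audit a cluster. Any "vulnerable" or "unknown" row is a pod to redeploy or inspect by hand before assuming it is safe.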
The broader lesson is familiar: patch internet-facing software promptly, do not expose management interfaces that were never designed to face the public internet, and watch container workloads for unexpected outbound connections and unfamiliar processes such as miners or Netcat reverse shells.