Updated on 2022-10-28: Kiss-a-Dog campaign

Crowdstrike published a report on Kiss-a-Dog, a new cryptomining operation that has been Targeting Vulnerable Docker and Kubernetes infrastructure. The Kiss-a-Dog threat actor targets cloud servers with exposed administration APIs, uses a container escape vulnerability to attack the underlying servers, deploys the Diamorphine and libprocesshide rootkits to take over the system, then deploys a backdoor for future access, and finally, a cryptominer to exploit the servers for their own profits. Read more:

• CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure
• m0nad/Diamorphine
• gianlucaborello/libprocesshider

Overview

A new cryptojacking campaign, dubbed Kiss-a-dog, was found Targeting Vulnerable Kubernetes and Docker instances. The attacker’s C2 infrastructure overlaps with that of TeamTNT. Read more: CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure

The post Kiss-a-Dog cryptomining campaign appeared first on PUPUWEB - Information Resource for Emerging Technology Trends and Cybersecurity.