January 10, 2023 By Pierluigi Paganini
Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments.
Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploiting weakly configured PostgreSQL containers and exploiting vulnerable images.
The crypto-miner Kinsing was first spotted by security firm Aqua Security in April 2020; at the time, the experts observed threat actors scanning the Internet for Docker servers running API ports exposed without a password. The Kinsing malware abuses the resources of the Docker installations to mine cryptocurrency.