Falcon crypto

Author: Admin | 2025-04-27

- CrowdStrike has uncovered a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.
- Called “Kiss-a-dog,” the campaign used multiple command-and-control (C2) servers to launch attacks that attempted to mine cryptocurrency, utilize user and kernel mode rootkits to hide the activity, backdoor compromised containers, move laterally in the network and gain persistence.
- The CrowdStrike Falcon® platform helps protect organizations of all sizes from sophisticated breaches, including cryptojacking campaigns such as this.

CrowdStrike has identified a new cryptojacking campaign targeting vulnerable Docker and Kubernetes infrastructure. Called “Kiss-a-dog,” the campaign targets Docker and Kubernetes infrastructure using an obscure domain from the payload, container escape attempt and anonymized “dog” mining pools.

CrowdStrike’s Cloud Threat Research team deploys and analyzes honeypots to understand how attackers target vulnerabilities and put cloud infrastructure at risk. CrowdStrike has previously uncovered campaigns targeting vulnerable cloud infrastructure by cryptojacking botnets/groups like LemonDuck and Watchdog. Kiss-a-dog relies on tools and techniques previously associated with cryptojacking groups like TeamTNT, which targeted vulnerable Docker and Kubernetes infrastructure.

The CrowdStrike Falcon platform protects customers and comprehensively secures cloud environments against cryptojacking campaigns like Kiss-a-dog by delivering a powerful combination of agentless capabilities to protect against misconfigurations and control plane attacks and agent-based capabilities to protect cloud workloads with runtime security.

The CrowdStrike Falcon platform sets the new standard in cloud security. Watch this demo to see the Falcon platform in action.

CrowdStrike Detection and Protection

The Falcon platform unifies cloud security in a single platform to deliver comprehensive protection to its customers from any attacks on Docker and Kubernetes infrastructure.

With the Falcon platform, customers can implement “shift-left” strategies to identify vulnerabilities and misconfigurations at the development stage to secure Kubernetes and Docker deployments out-of-the-box, while also monitoring production environments for any suspicious activity to stop campaigns like Kiss-a-dog. The suspicious activity by the Kiss-a-dog campaign is detected by CrowdStrike’s advanced machine learning and multiple behavior-based indicators of attack (IOAs) in the kill chain of the campaign.

The Falcon platform takes a defense-in-depth approach to protecting customers by leveraging incoming telemetry to power detection and provide real-time mitigation. It includes the following, which are used to detect a campaign like Kiss-a-dog:

- Host path mount to escape the container
- Rogue container running on your Docker instance
- Misconfigured Kubernetes or Docker instance

Figures 1.A and 1.B show High Confidence detection of a malicious service to run , which is disguised xmrig.

Figures 1.A and 1.B. Disguised miner process identified and killed by the Falcon platform

Moreover, the Falcon platform analyzes suspicious images and detects runtime malicious activity and network connections, along with vulnerability analysis of the image, to provide in-depth reports, as shown in Figure 2.

Figure 2. Falcon Dynamic Container Analysis report

See for yourself how the industry-leading CrowdStrike Falcon platform protects your cloud environments. Start your 15-day free trial today.

In mid-2022, a crypto crash caused havoc in the digital currency market where several currencies, including Bitcoin, dropped 40% to 90% and some of them perished.
During this period, cryptomining activity targeting digital currencies
