Updated on 2022-12-22: Kiss-a-Dog expansion
Cado Security has an update on the Kiss-a-Dog crypto-mining gang. Researchers say the group, which was known to target Docker and Kubernetes servers, is now also going after Redis databases. Read more:
- CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure
- Kiss-a-Dog Discovered Utilizing a 20-Year-Old Process Hider
Updated on 2022-10-28: Kiss-a-Dog campaign
CrowdStrike published a report on Kiss-a-Dog, a new cryptomining operation that has been targeting vulnerable Docker and Kubernetes infrastructure. The Kiss-a-Dog threat actor targets cloud servers with exposed administration APIs, uses a container escape vulnerability to attack the underlying servers, and deploys the Diamorphine and libprocesshider rootkits to take over the system. It then deploys a backdoor for future access and, finally, a cryptominer to exploit the servers for its own profit. Read more:
- CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure
- m0nad/Diamorphine
- gianlucaborello/libprocesshider
Overview
A new cryptojacking campaign, dubbed Kiss-a-Dog, was found targeting vulnerable Kubernetes and Docker instances. The attacker’s C2 infrastructure overlaps with that of TeamTNT. Read more: CrowdStrike Identifies New Kiss-a-Dog Cryptojacking Campaign Targeting Vulnerable Docker and Kubernetes Infrastructure