Microsoft Azure’s machine learning clusters were hit by cryptojacking attacks to mine Monero

Microsoft announced on June 10 that it had discovered several cryptojacking attacks on powerful machine learning clusters in its Azure cloud computing network.

In a post on its blog, the company said that some customers had misconfigured the nodes, allowing attackers to hijack them to mine the privacy-oriented cryptocurrency Monero.

Default settings overridden
Microsoft said it discovered dozens of clusters affected by the attack, which targets Kubeflow, a machine learning toolkit for the open source platform Kubernetes.

By default, the dashboard that controls Kubeflow can only be accessed internally from the node, so users must use port forwarding to tunnel in through the Kubernetes API. However, some users had changed this, probably for convenience, and exposed the dashboard directly to the Internet.

With access to the dashboard, hackers had several vectors available through which they could compromise the system.
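The exposure described above can be checked from a cluster's Service list. The following audit is an added example, not code from Microsoft or the Kubeflow project: it flags Services in the namespaces that usually host Kubeflow and its gateway when their type makes them reachable from outside the cluster. The namespace names (`kubeflow`, `istio-system`) and the Service names in the embedded sample are assumptions about a typical install, and the sample data is constructed.

```python
import json

# Namespaces assumed to host the Kubeflow dashboard and its gateway in a
# typical install (assumption; adjust for your deployment).
WATCHED_NAMESPACES = {"kubeflow", "istio-system"}
# Service types that publish a port beyond the cluster-internal network.
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE_SERVICES = json.loads("""
{"items": [
  {"metadata": {"name": "istio-ingressgateway", "namespace": "istio-system"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 80}]},
   "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.10"}]}}},
  {"metadata": {"name": "centraldashboard", "namespace": "kubeflow"},
   "spec": {"type": "ClusterIP", "ports": [{"port": 80}]},
   "status": {"loadBalancer": {}}},
  {"metadata": {"name": "jupyter-web-app-service", "namespace": "kubeflow"},
   "spec": {"type": "NodePort", "ports": [{"port": 80, "nodePort": 31380}]},
   "status": {"loadBalancer": {}}},
  {"metadata": {"name": "shop-frontend", "namespace": "default"},
   "spec": {"type": "LoadBalancer", "ports": [{"port": 443}]},
   "status": {"loadBalancer": {"ingress": [{"ip": "203.0.113.20"}]}}}
]}
""")

def find_exposed_services(service_list, namespaces=WATCHED_NAMESPACES):
    """Return findings for watched-namespace Services published outside the cluster."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        if meta.get("namespace") not in namespaces:
            continue  # out of scope for this audit
        svc_type = spec.get("type", "ClusterIP")  # ClusterIP is the Kubernetes default
        if svc_type not in EXTERNAL_TYPES:
            continue  # internal only: reachable via port forwarding, as intended
        ingress = svc.get("status", {}).get("loadBalancer", {}).get("ingress") or []
        findings.append({
            "namespace": meta.get("namespace"),
            "name": meta.get("name"),
            "type": svc_type,
            "external_addresses": [i.get("ip") or i.get("hostname") for i in ingress],
            "node_ports": [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p],
        })
    return findings

if __name__ == "__main__":
    for f in find_exposed_services(SAMPLE_SERVICES):
        print(f"{f['namespace']}/{f['name']}: type={f['type']} "
              f"addresses={f['external_addresses']} nodePorts={f['node_ports']}")
```

A finding means the Service should go back to `ClusterIP`, with access through port forwarding, unless the exposure is deliberate and sits behind authentication.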

When the shield is down, it attacks
One possibility is to set up or modify a Jupyter notebook server on the cluster with a malicious image.

The Azure Security Center team discovered a suspicious image from a public repository in several machine learning clusters.

While investigating the layers of the image, the team realized that it was running an XMRig miner and secretly using the node to mine the Monero cryptocurrency.

Machine learning clusters are relatively powerful and sometimes contain GPUs, making them an ideal target for cryptojackers.

As reported by Cointelegraph, cybersecurity company Sophos recently revealed that attackers broke into vulnerable Microsoft SQL Server databases to install the same XMRig software, which mines Monero.