Facebook Twitter Instagram
    • Privacy Policy
    • Contact Us
    Facebook Twitter Instagram Pinterest Vimeo
    AI Home SecurityAI Home Security
    • Home
    • Home Security
    • Cyber Security
    • Biometric Technology
    Contact
    AI Home SecurityAI Home Security
    Cyber Security

    Kinsing Actors Exploiting Recent Linux Flaw to Breach Cloud Environments

    justmattgBy justmattgNovember 3, 2023No Comments2 Mins Read

    [ad_1]

    Nov 03, 2023NewsroomCloud Security / Linux

    Linux Flaw

    The threat actors linked to Kinsing have been observed attempting to exploit the recently disclosed Linux privilege escalation flaw called Looney Tunables as part of a “new experimental campaign” designed to breach cloud environments.

    “Intriguingly, the attacker is also broadening the horizons of their cloud-native attacks by extracting credentials from the Cloud Service Provider (CSP),” cloud security firm Aqua said in a report shared with The Hacker News.

    The development marks the first publicly documented instance of active exploitation of Looney Tunables (CVE-2023-4911), which could allow a threat actor to gain root privileges.

    Cybersecurity

    Kinsing actors have a track record of opportunistically and swiftly adapting their attack chains to exploit newly disclosed security flaws to their advantage, having most recently weaponized a high-severity bug in Openfire (CVE-2023-32315) to achieve remote code execution.

    The latest set of attacks entails exploiting a critical remote code execution shortcoming in PHPUnit (CVE-2017-9841), a tactic known to be employed by the cryptojacking group since at least 2021, to obtain initial access.

    Linux Flaw

    This is followed by manually probing the victim environment for Looney Tunables using a Python-based exploit published by a researcher who goes by the alias bl4sty on X (formerly Twitter).

    “Subsequently, Kinsing fetches and executes an additional PHP exploit,” Aqua said. “Initially, the exploit is obscured; however, upon de-obfuscation, it reveals itself to be a JavaScript designed for further exploitative activities.”

    The JavaScript code, for its part, is a web shell that grants backdoor access to the server, enabling the adversary to perform file management, command execution, and gather more information about the machine it’s running on.

    Cybersecurity

    The end goal of the attack appears to be to extract credentials associated with the cloud service provider for follow-on attacks, a significant tactical shift from its pattern of deploying the Kinsing malware and launching a cryptocurrency miner.

    “This marks the inaugural instance of Kinsing actively seeking to gather such information,” the company said.

    “This recent development suggests a potential broadening of their operational scope, signaling that the Kinsing operation may diversify and intensify in the near future, thereby posing an increased threat to cloud-native environments.”

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.



    [ad_2]

    Source link

    Previous ArticleSpyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons
    Next Article To Improve Cyber Defenses, Practice for Disaster
    justmattg
    • Website

    Related Posts

    Cyber Security

    Name That Toon: Last Line of Defense

    April 16, 2024
    Cyber Security

    OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt

    April 16, 2024
    Cyber Security

    Middle East Cyber Ops Intensify, With Israel the Main Target

    April 16, 2024
    Add A Comment

    Leave A Reply Cancel Reply

    Facebook Twitter Instagram Pinterest
    • Privacy Policy
    • Contact Us
    AI Home Security © 2025 All rights reserved | Designed By ESmartsSolution

    Type above and press Enter to search. Press Esc to cancel.

    ↑