Crypto malware targets Kubernetes clusters, say researchers
Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters.
While Hildegard, initially detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the campaign may still be in the reconnaissance and weaponization stage. Eventually, they warn, TeamTNT may launch a more large-scale cryptojacking attack via Kubernetes environments or steal data from applications running in Kubernetes clusters.
“We believe that this new malware campaign is still under development due to its seemingly incomplete codebase and infrastructure,” said Jay Chen, Aviv Sasson and Ariel Zelivansky, researchers with Palo Alto Networks, on Wednesday. “At the time of writing, most of Hildegard’s infrastructure has been only online for a month.”