"Kinsing Malware Targets Kubernetes Environments via Misconfigured PostgreSQL"
Researchers at Microsoft Defender for Cloud saw threat actors behind the Kinsing cryptojacking operation exploiting poorly configured PostgreSQL containers and using insecure images to gain initial access in Kubernetes environments. Aqua Security discovered the cryptocurrency miner Kinsing for the first time in April 2020, when threat actors were found scouring the Internet for Docker systems running Application Programming Interface (API) ports without a password. The Kinsing malware exploits Docker installations' resources in order to mine cryptocurrency. Recent observations by Microsoft researchers revealed a significant number of clusters running a PostgreSQL container infected with the Kinsing malware. According to researchers, the threat actors can leverage multiple misconfigurations to get access to an unprotected PostgreSQL server. This article continues to discuss Kinsing cryptojacking operators exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments.