The primary motivation behind Kinsing malware is financial gain through illicit cryptomining (cryptojacking). By leveraging the resources of compromised systems, the attackers mine cryptocurrencies, particularly Monero, due to its privacy features and CPU-mining suitability.
The group demonstrates a high level of technical expertise in exploiting vulnerabilities within cloud and container environments. They are proficient in identifying and exploiting security flaws in widely used applications and services such as Oracle WebLogic, Apache Struts, and Kubernetes.
Despite ongoing efforts by the cybersecurity community to track and attribute their activities, the attackers maintain a high level of anonymity and operational security, making definitive identification challenging.