Type: Incident
Actors:
Pub. date: January 2, 2025
Initial access: Cloud native misconfig
Impact: Supply chain attack, Resource hijacking
Observed techniques:
References:
Status: Finalized
Last edited: Jan 13, 2025 8:55 AM
Kong Ingress Controller is a popular ingress controller for Kubernetes. Instances of Kong Ingress Controller version 3.4 have been experiencing a significant performance regression, with excessive CPU utilization of approximately 4 cores even when only minimal Gateway API resources are configured. The compromised image has been available on DockerHub for over a week. The Kong team has not specified the initial access vector; however, evidence points to a CI/CD compromise, given the previously reported vulnerabilities in their CI/CD chain.