Type
Incident
Actors
Unknown
Pub. date
January 2, 2025
Initial access
Cloud native misconfig
Impact
Supply chain attack, Resource hijacking
Observed techniques
Cloud compute cryptojacking, Script injection into CICD workflow, Supply Chain Compromise
Targeted technologies
GitHub, Docker
References
https://github.com/Kong/kubernetes-ingress-controller/security/advisories/GHSA-58mg-ww7q-xw3p https://x.com/adnanthekhan/status/1876105920348143957?t=mfYOrDDfjm_RcXvQUHfUCQ&s=19 https://www.linkedin.com/posts/danlorenc_kong-ingress-controller-34-has-high-cpu-activity-7284188622226915328-GrzS/
Status
Finalized
Last edited
Jan 13, 2025 8:55 AM
Kong Ingress Controller is a popular ingress controller for Kubernetes. Kong Ingress Controller version 3.4 instances have been experiencing a significant performance regression, with excessive CPU utilization of approximately 4 cores even with minimal Gateway API resources configured. The compromised image has been available on Docker Hub for over a week. The Kong team has not specified the initial access vector; however, evidence points to a CI/CD compromise, given the previously reported vulnerabilities in their CI/CD chain.