Type: Incident
Actors:
Pub. date: May 25, 2023
Initial access: End-user compromise
Impact: None
Targeted technologies:
Status: Stub
Last edited: Jun 2, 2024 8:02 AM
[…] a real example of an AWS Kubernetes cluster infection through a software development supply chain compromise. The attackers were able to get AWS credentials from a DevOps workstation and use them to introduce a poisoned docker image into a Kubernetes cluster. It allowed them to move laterally within the cluster and to the cloud provider, retrieving secrets, passwords, tokens, and a bunch of other data. […] able to detect them just in time, as the attackers had retrieved secrets that would have allowed them to move laterally to other companies or execute a new docker image with nastier results.