Skip to content

Microsoft Azure machine learning clusters were attacked with cryptojacking to extract Monero

June 12, 2020

Microsoft announced this on June 10 discovered several cryptojacking attacks in powerful machine learning clusters in your cloud computing network Azure.

The company said that in a blog post Some clients had configured the nodes incorrectly. Attackers can kidnap them to take advantage of the privacy-oriented Monero (XMR) cryptocurrency.

Default setting overwritten

Microsoft said that discovered dozens of groups affected by the attack which points to a machine learning toolkit, Kubeflow, for the open source platform Kubernetes.

Microsoft Azure machine learning clusters were attacked with cryptojacking to extract MoneroMicrosoft Azure machine learning clusters were attacked with cryptojacking to extract Monero

Default, The control panel for controlling Kubeflow can only be accessed internally from the node. Consequently, Users must use port forwarding tunnel through the Kubernetes API. However, some users have changed this, possibly for practical reasons. by directly exposing the panel on the Internet.

With panel accessThe hackers had several vectors at their disposal through which they compromised the system.

When the shield is down, it attacks

A possibility is used to configure or change a portable Jupyter server in the cluster with a malicious image.

The team from Azure Security Center has discovered a suspicious image from a public repository across multiple machine learning clusters.

By examining the image planes The team found that an XMRig miner was running and Secretly use the knot to mine the Monero cryptocurrency.

Machine learning clusters are relatively powerful and sometimes contain GPUs. This makes them an ideal target for cryptojackers.

As Cointelegraph reported, the cybersecurity company was Sophos recently announced that attackers have breached databases from Microsoft SQL Server prone to installing the same XMRig software that Monero extracts.