While revealing the info through a blog post, the company stated that some clients had improperly configured nodes, paving way for hackers to gain control and mine Monero (XMR), which is privacy focused altcoin.
Microsoft stated that it had identified tens of clusters impacted by the onslaught, which aims for a machine learning toolkit, Kubeflow, for the open-source Kubernetes platform.
The dashboard provided for managing Kubeflow, by default, can be accessed from within the node.
Therefore, users have to utilize port-forwarding to tunnel in through the Kubernetes API. Nevertheless, some users had changed this feature for ease of operation, straightaway allowing access to the dashboard via the internet.
Hackers, after gaining access to the dashboard, can easily compromise the system through various means. One common method is to establish or amend a Jupyter notebook server in the cluster with a malignant picture. The Azure Security Center team identified a dubious image from an open repository on several machine learning clusters.
By investigating the image layers, the team became aware that it ran XMRig, the Monero (XMR) miner, to secretly misuse the node to mine the privacy focused altcoin. Machine learning clusters are usually robust and occasionally consist of GPUs, rendering them as prime target for cryptojackers.
Notably, cybersecurity company Sophos recently disclosed that attackers had infringed susceptible Microsoft SQL Server databases to set up the popular XMRig software for mining Monero.