Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining

March 6, 2024 at 12:15PM

Threat actors are utilizing misconfigured and vulnerable servers to conduct Remote Code Execution (RCE) attacks and deploy cryptocurrency miners. Cloud security company Cado has named this activity “Spinning YARN,” with attackers using Golang payloads to exploit Confluence, Docker, Hadoop YARN, and Redis services. The attacks also exploit known vulnerabilities and employ advanced evasion techniques.

According to the notes dated March 6, 2024, threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis in an emerging malware campaign that delivers a cryptocurrency miner and establishes persistent remote access. The activity, codenamed Spinning YARN, deploys Golang payloads that automate the discovery and exploitation of susceptible hosts, exploit known vulnerabilities, and apply evasion techniques so the intrusion goes unnoticed.

The notes also highlight that the attacks prioritize stealth and evasion and target both Windows and Linux hosts. The perpetrators additionally abuse cloud services intended for artificial intelligence workloads to drop cryptocurrency miners and host malware. Cado's H2 2023 Cloud Threat Findings Report notes that threat actors are increasingly targeting cloud services that require technical knowledge to operate, and that cryptojacking is not their only motive.

The article stresses the importance of keeping up with reported vulnerabilities and knowing which web-facing services are deployed in a cloud environment, since that inventory determines the exposure to attacks of this kind. It also underscores the worrying trend of ransomware on Linux and ESXi systems, indicating a broader variety of attacks against cloud and Linux infrastructure.
