Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining
Mar 06, 2024
Server Security / Cryptocurrency
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. "The attackers leverage these tools to issue exploit code, taking advantage of common misconfigurations and exploiting an N-day vulnerability, to conduct Remote Code Execution (RCE) attacks and infect new hosts," Cado security researcher Matt Muir said in a report shared with The Hacker News. The activity has been codenamed Spinning YARN by the cloud security company, with overlaps to cloud attacks attributed to TeamTNT , WatchDog , and a cluster dubbed Kiss-a-dog . It all starts with deploying four novel Golang payloads that are capable of automating the identification and exploitation of susceptible Confluence, Docker, Hadoop YARN, and Redis hosts. The spreader utilities leverage masscan or pnscan