According to the researchers, the attacks involve pods that run legitimate TensorFlow images in order to evade detection, and they also note the simultaneous deployment of these malicious TensorFlow images, which hint that the threat actors had scanned the clusters earlier to identify potential targets and later launched their attack on the targets at the same time.
A similar attack was reported in June last year, which also targeted Kubeflow workloads and exploited misconfigured dashboards to initiate a massive XMRIG Monero-mining campaign. This version has ben modified to exploit access to the Kubeflow centralized dashboard so that the attackers can create a new pipeline. Once the attackers have access to the pipeline’s user interface, they are able to create a new cluster, which would be composed of containers running TensorFlow images that enable cryptocurrency mining.