‘Looney Tunables’ Glibc Vulnerability Exploited in Cloud Attacks

A threat actor recently exploited a privilege escalation vulnerability in the GNU C Library (glibc) to conduct cloud attacks. Aqua Security attributed the activity to the Kinsing threat actor, which has previously conducted cryptojacking operations and targeted containerized environments.

The Looney Tunables vulnerability (CVE-2023-4911) enables attackers to execute arbitrary code and escalate privileges on major Linux distributions, including Debian, Gentoo, Red Hat, and Ubuntu. The Kinsing threat actor usually deploys its Linux malware in containerized environments such as Kubernetes, Docker, Jenkins, and Redis servers. After gaining root access to targeted systems using the Looney Tunables vulnerability, the threat actor deployed backdoors and stole credentials from the Cloud Service Provider (CSP). This activity deviates from previous Kinsing behavior, which focused on spreading the group's malware and operating a cryptominer. Aqua Security noted that this shift presents a new danger to services running on the cloud.

Read More:

https://www.securityweek.com/looney-tunables-glibc-vulnerability-exploited-in-cloud-attacks/