Cyber SecurityNews

Tenable Warns That Kinsing Malware Is Exploiting Apache Tomcat Servers With New Advanced Stealth Techniques

Ari Eitan, Manager - Research, Tenable
Ari Eitan, Manager - Research, Tenable

Kinsing malware has previously been seen targeting Linux-based cloud infrastructures

 Today, Tenable disclosed that its Cloud Security Research Team has recently discovered that Kinsing malware, known for targeting Linux-based cloud infrastructures, is exploiting Apache Tomcat servers with new advanced stealth techniques.

“We’ve detected multiple Kinsing infected servers within a singular environment, including an Apache Tomcat server with critical vulnerabilities.”

– Ari Eitan, Manager – Research, Tenable

Kinsing is a notorious malware family active for several years, primarily targeting Linux-based cloud infrastructure. Known for leveraging various vulnerabilities to gain unauthorised access, the threat actors behind the Kinsing malware typically deploy backdoors and cryptocurrency miners (cryptominers) on compromised systems. After infection, Kinsing uses system resources for cryptomining, which leads to higher costs and slower server performance.

Today Tenable has disclosed that Kinsing also attacks Apache Tomcat servers, and uses new techniques to hide itself on the filesystem, including utilising innocent and non-suspicious file locations for persistence. 

“Cloud cryptomining has become an emerging trend in recent years, powered by the scalability and flexibility of cloud platforms,” said Ari Eitan, Manager – Research, Tenable. “Unlike traditional on-premises infrastructure, cloud infrastructure allows attackers to quickly deploy resources for cryptomining, making it easier to exploit. In this case, we’ve detected multiple Kinsing infected servers within a singular environment, including an Apache Tomcat server with critical vulnerabilities.”

Related posts

DE-CIX India is Now Present in 10 DC in India 

adminsmec

Savex Technologies Is the National Distributor of Bose in India

adminsmec

Supply chain attacks are a launch pad for emerging automated, active-adversary attacks

adminsmec

Leave a Comment