The hackers reportedly got into the computers after a number of them were found to be badly configured. Even though the hackers left no trace whatsoever, investigations are ongoing to check whether they may have left a digital footprint that can be traced back to them and aid their arrest.
“After discovering the hack, we swung into action with the aid of our developers to try and salvage what was left of the situation. We are currently hoping they are brought to book,” an official of the company said.
The hack was said to have been discovered on June 10 but, according to the statement, might have been going on for longer than that. The company noted that some of its customers had a few misconfigured nodes, which the hackers were able to exploit to mine crypto tokens. It further stated that the hackers might have discovered the high mining power of the machines before setting out to achieve their aim.
Hackers exploited the modified nodes
Microsoft noted that it had discovered about a dozen machines affected by the hack, which targeted Kubeflow, an open-source machine learning toolkit for the Kubernetes platform. By default, the dashboard that controls Kubeflow is only accessible internally, from within the cluster, so the majority of users reach it through the Kubernetes API. Some users were said to have modified this setting for their convenience, which means the dashboard is exposed to the internet. As a result of this loophole, the hackers were able to get in via a few vectors that compromised the network.
Hackers target machines because of high mining ability
One possibility is to set up or modify a Jupyter notebook server in the cluster with a malicious image, which leaves the cluster's security exposed. Azure Security Center said it discovered an image on the Azure network on a cluster of the affected machines. According to research on the image, it was used to mine Monero. Machine learning clusters contain GPUs and have high computing power, hence they are targeted by cryptojackers for mining. This is not new, as hackers breached Microsoft SQL Server to mine Monero some time ago.
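A defender can check a cluster for the two conditions described above, a dashboard service reachable from outside the cluster and a notebook pod running an unapproved image. The following is an added example, not code from Microsoft or the Kubeflow project. It assumes its input is the `items` list from `kubectl get svc,pods -A -o json`; the namespaces, object names, images and the trusted registry prefix are constructed for illustration.

```python
# Added example: audit a `kubectl get svc,pods -A -o json` dump for an
# externally exposed service and for pods running unapproved images.
EXTERNAL_TYPES = {"LoadBalancer", "NodePort"}  # reachable from outside the cluster
TRUSTED_REGISTRIES = ("registry.example.internal/",)  # assumption: approved registry

# Constructed sample shaped like the "items" list of the kubectl JSON output.
SAMPLE_ITEMS = [
    {"kind": "Service",
     "metadata": {"namespace": "istio-system", "name": "istio-ingressgateway"},
     "spec": {"type": "LoadBalancer"}},
    {"kind": "Service",
     "metadata": {"namespace": "kubeflow", "name": "centraldashboard"},
     "spec": {"type": "ClusterIP"}},
    {"kind": "Pod",
     "metadata": {"namespace": "team-a", "name": "notebook-a-0"},
     "spec": {"containers": [
         {"name": "nb", "image": "registry.example.internal/ml/jupyter:1.0"}]}},
    {"kind": "Pod",
     "metadata": {"namespace": "team-a", "name": "notebook-b-0"},
     "spec": {"containers": [
         {"name": "nb", "image": "docker.io/unknownuser/notebook:latest"}]}},
]

def audit(items, namespaces):
    """Return (finding, namespace/name, detail) tuples for the given namespaces."""
    findings = []
    for obj in items:
        meta, spec = obj.get("metadata", {}), obj.get("spec", {})
        ns = meta.get("namespace", "default")
        if ns not in namespaces:
            continue
        ref = f"{ns}/{meta.get('name', '?')}"
        if obj.get("kind") == "Service":
            # A Service with no explicit type is ClusterIP (internal only).
            svc_type = spec.get("type", "ClusterIP")
            if svc_type in EXTERNAL_TYPES:
                findings.append(("exposed-service", ref, svc_type))
        elif obj.get("kind") == "Pod":
            containers = spec.get("containers", []) + spec.get("initContainers", [])
            for c in containers:
                image = c.get("image", "")
                if not image.startswith(TRUSTED_REGISTRIES):
                    findings.append(("untrusted-image", ref, image))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ITEMS, {"istio-system", "kubeflow", "team-a"}):
        print(*finding, sep="\t")
```

An `exposed-service` finding is a prompt to confirm whether the exposure is intended and protected by authentication; an `untrusted-image` finding is a prompt to inspect what that container is actually running.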