CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes
Blog post from Crowdstrike
In early 2023, CrowdStrike identified the first Dero cryptojacking campaign targeting Kubernetes infrastructure, leveraging Dero's privacy-focused cryptocurrency features to appeal to cryptojacking groups. The campaign exploited Kubernetes clusters with anonymous access enabled, using a Docker image hosted on Docker Hub to deploy a "pause" binary for mining. Concurrently, a modified Monero cryptojacking campaign was detected, which targeted the same Kubernetes vulnerabilities and actively removed Dero-related processes to mine Monero instead. CrowdStrike's Falcon platform plays a critical role in defending against such sophisticated cryptojacking operations, using advanced machine learning and behavior-based indicators to detect and mitigate threats in real-time. The campaigns illustrate the ongoing battle between cryptojacking groups exploiting misconfigured Kubernetes environments, emphasizing the need for robust cloud-native application protection capabilities.
| Trend | Post Mentions | Total Month Mentions | Posts | Companies | MoM |
|---|---|---|---|---|---|
| Kubernetes | 47 | 1,086 | 169 | 37 | +2% |
| AI Agents | 2 | 2,394 | 1,321 | 1 | - |
| Real-time | 1 | 1,659 | 640 | 46 | +203% |
| Zero Trust | 1 | 1,843 | 1,331 | 3 | +61333% |
Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.