Home / Companies / Crowdstrike / Blog / Post Details
Content Deep Dive

CrowdStrike Discovers First-Ever Dero Cryptojacking Campaign Targeting Kubernetes

Blog post from Crowdstrike

Post Details
Company
Date Published
Author
CrowdStrike
Word Count
3,153
Company Posts That Month
Language
English
Hacker News Points
-
Post removed?
No
Summary

In early 2023, CrowdStrike identified the first Dero cryptojacking campaign targeting Kubernetes infrastructure, leveraging Dero's privacy-focused cryptocurrency features to appeal to cryptojacking groups. The campaign exploited Kubernetes clusters with anonymous access enabled, using a Docker image hosted on Docker Hub to deploy a "pause" binary for mining. Concurrently, a modified Monero cryptojacking campaign was detected, which targeted the same Kubernetes vulnerabilities and actively removed Dero-related processes to mine Monero instead. CrowdStrike's Falcon platform plays a critical role in defending against such sophisticated cryptojacking operations, using advanced machine learning and behavior-based indicators to detect and mitigate threats in real-time. The campaigns illustrate the ongoing battle between cryptojacking groups exploiting misconfigured Kubernetes environments, emphasizing the need for robust cloud-native application protection capabilities.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Kubernetes 47 1,086 169 37 +2%
AI Agents 2 2,394 1,321 1 -
Real-time 1 1,659 640 46 +203%
Zero Trust 1 1,843 1,331 3 +61333%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.