Kinsing Exploits Looney Tunables Vulnerability to Breach Cloud Environments

Threat Level

Actor Report

For a detailed threat advisory, download the pdf file here

Summary

The threat actor Kinsing has recently been observed  exploiting the Linux privilege escalation vulnerability known as “Looney Tunables (CVE-2023-4911)” as part of a new campaign aimed at breaching cloud environments. This represents an expansion of their operations, as they are now attempting to collect credentials from Cloud Service Providers (CSPs). This development suggests a potential broadening of their operational scope and an increased threat to cloud-native environments.

To receive real-time threat advisories, please follow HiveForce Labs on LinkedIn.