logo

Cryptojacking Campaign Targeting K8s Clusters (Campaign)

ID: b0d56ff4-1cba-560d-baa8-065c8c403794

STIX ID: report--b0d56ff4-1cba-560d-baa8-065c8c403794

Feed Name: Wiz Cloud Threat Landscape

Threat Score
75/100

Date Published: 2026-06-25

Date Updated: 2026-07-02

Author: [email protected] (Wiz Threat Research)

...
...

Researchers identified an active cryptojacking campaign (June 13–23, 2026) leveraging the Realm C2 framework to compromise thousands of Linux hosts in large managed Kubernetes clusters by exploiting vulnerabilities in Argo Workflows and Gogs; attackers deployed cryptominers, stole Kubernetes service account tokens, and used privileged container escapes to spread laterally to over 300 additional nodes. Organizations running Argo Workflows or Gogs are advised to patch immediately and check for indicators of compromise.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.