DEV Community

Mark0

Understanding Current Threats to Kubernetes Environments

⚠️ Region Alert: UAE/Middle East

Kubernetes-related threat operations have surged by 282% over the last year, with the IT sector representing the vast majority of targeted activity. Attackers are increasingly moving beyond simple container escapes to focus on the abuse of Kubernetes identities and exposed attack surfaces. By harvesting service account tokens (SATs), threat actors like the North Korean group Slow Pisces (Lazarus) have successfully pivoted from initial pod access to compromising backend cloud infrastructure and financial systems in the cryptocurrency sector.

The report highlights critical vulnerabilities such as React2Shell (CVE-2025-55182), which allows remote code execution directly inside Kubernetes workloads. Once inside, adversaries use post-exploitation frameworks like Peirates to automate resource discovery and lateral movement. To mitigate these risks, security teams must prioritize strict RBAC configurations, implement short-lived projected service account tokens, and maintain deep runtime visibility through Kubernetes audit logs and behavioral analysis, so that attack paths are disrupted before cluster-wide compromise occurs.
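A defender-side illustration of the audit-log visibility the paragraph recommends, added here and not part of the original post: a small Python detector over constructed audit.k8s.io/v1 events that flags a service account token being used for cross-namespace or cluster-wide resource discovery, from an interactive CLI user agent, or from outside an assumed pod network (10.244.0.0/16). The field names are the real audit event fields; the namespaces, IPs, user agents and thresholds are assumptions.

```python
"""Flag Kubernetes audit events that look like service-account token abuse.
Hypothetical detector (not the article's tooling) over constructed audit.k8s.io/v1
events: field names are real, the IPs, namespaces and user agents are made up."""
import ipaddress
import json

POD_CIDR = ipaddress.ip_network("10.244.0.0/16")  # assumed pod network
DISCOVERY = {("list", "secrets"), ("get", "secrets"), ("list", "pods"),
             ("list", "serviceaccounts"), ("create", "pods")}
CLI_AGENTS = ("kubectl/", "curl/")  # workloads normally use client libraries

def parse_events(text):
    """Parse newline-delimited JSON audit events, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def flag_sat_abuse(events):
    """Return [(auditID, reason)] for suspicious service-account requests."""
    findings = []
    for ev in events:
        user = ev.get("user", {}).get("username", "")
        if not user.startswith("system:serviceaccount:"):
            continue  # only service-account token usage is of interest here
        sa_ns = user.split(":")[2]  # system:serviceaccount:<ns>:<name>
        ref = ev.get("objectRef") or {}
        verb, res = ev.get("verb"), ref.get("resource")
        target_ns = ref.get("namespace")  # None means a cluster-wide request
        reasons = []
        if (verb, res) in DISCOVERY and target_ns != sa_ns:
            reasons.append(f"{verb} {res} outside own namespace {sa_ns}")
        if ev.get("userAgent", "").startswith(CLI_AGENTS):
            reasons.append("interactive CLI user agent with a pod token")
        if any(ipaddress.ip_address(ip) not in POD_CIDR
               for ip in ev.get("sourceIPs", [])):
            reasons.append("token used from outside the pod network")
        findings.extend((ev["auditID"], r) for r in reasons)
    return findings

# Constructed sample: one benign request, then two steps of a pivot pattern.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"auditID": "a1", "verb": "get", "userAgent": "Go-http-client/1.1",
     "user": {"username": "system:serviceaccount:shop:api"}, "sourceIPs": ["10.244.1.7"],
     "objectRef": {"resource": "configmaps", "namespace": "shop"}},
    {"auditID": "a2", "verb": "list", "userAgent": "kubectl/v1.30.0",
     "user": {"username": "system:serviceaccount:shop:api"}, "sourceIPs": ["10.244.1.7"],
     "objectRef": {"resource": "secrets"}},  # no namespace: cluster-wide listing
    {"auditID": "a3", "verb": "create", "userAgent": "Go-http-client/1.1",
     "user": {"username": "system:serviceaccount:shop:api"}, "sourceIPs": ["203.0.113.9"],
     "objectRef": {"resource": "pods", "namespace": "kube-system"}},
])
```

Running `flag_sat_abuse(parse_events(SAMPLE_AUDIT_LOG))` leaves the benign configmap read alone and reports the cluster-wide secrets listing and the cross-namespace pod creation, each with the reason that triggered it.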
