Tags: other, medium, Cryptomining, Exploitation

Jul 25, 2024 • Wiz Security Research

SeleniumGreed: Threat actors exploit exposed Selenium Grid services for Cryptomining


Source: Wiz Security Research
Category: other
Severity: medium

Executive Summary

Wiz researchers have identified a campaign dubbed SeleniumGreed targeting exposed Selenium Grid services. Threat actors are exploiting misconfigured testing frameworks to deploy cryptomining payloads on victim infrastructure. This activity leverages unauthorized access to computational resources for financial gain, impacting organizational performance and cloud costs. The exploitation highlights the risks associated with publicly accessible development and testing tools lacking proper authentication. While specific threat actor groups or malware families were not explicitly named in the provided text, the campaign represents a significant resource hijacking threat. Organizations utilizing Selenium Grid should immediately audit their deployments, ensure authentication mechanisms are enabled, and restrict network access to trusted IP ranges. Continuous monitoring for unusual CPU usage and unauthorized container activity is recommended to detect potential compromise. This campaign underscores the need for securing CI/CD pipelines and testing environments against opportunistic cryptomining operations targeting exposed services.
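One way to run the deployment audit recommended above against your own inventory, as an added example that is not part of the Wiz report or this summary. It assumes Selenium Grid 4's `/status` JSON shape and that a Grid with authentication enabled answers an unauthenticated request with 401 or 403; the host names and responses are constructed.

```python
import json
import urllib.error
import urllib.request


def classify_status(http_code, body):
    """Classify one unauthenticated reply from a Grid /status endpoint."""
    if http_code in (401, 403):
        return "auth-required"          # credentials are being enforced
    if http_code != 200:
        return "unknown"
    try:
        value = json.loads(body).get("value")
    except (ValueError, AttributeError):
        return "unknown"                # not JSON, or not a JSON object
    if isinstance(value, dict) and "ready" in value:
        return "open"                   # Grid answered without credentials
    return "unknown"


def probe(base_url, timeout=5):
    """Fetch /status without credentials from a host you operate."""
    url = base_url.rstrip("/") + "/status"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify_status(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify_status(err.code, "")
    except (urllib.error.URLError, OSError):
        return "unreachable"            # filtered or down from this vantage point


def audit(responses):
    """Map each inventory URL to a verdict from (status code, body) pairs."""
    return {url: classify_status(code, body) for url, (code, body) in responses.items()}


# Constructed replies standing in for live probes so the example runs offline.
CONSTRUCTED = {
    "http://grid-ci.example.internal:4444":
        (200, '{"value": {"ready": true, "message": "Selenium Grid ready.", "nodes": []}}'),
    "http://grid-qa.example.internal:4444": (401, ""),
    "http://wiki.example.internal:4444": (200, "<html>not a grid</html>"),
}

if __name__ == "__main__":
    for url, verdict in audit(CONSTRUCTED).items():
        print(f"{verdict:14} {url}")
```

Run `probe()` from outside the trusted IP range: any host that reports `open` needs authentication or a network restriction, and `unreachable` is the expected result once access is limited.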

Summary

Wiz researchers discover ongoing threat to popular testing framework.
