Synopsis
Description
An unusual process opened a Kubernetes service account file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.
Variations
Unusual Kubernetes service account file read within a new pod
Synopsis
Description
An unusual process opened a Kubernetes service account file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.
Kubernetes service account file read
Synopsis
Description
An unusual process opened a Kubernetes service account file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.
Suspicious Kubernetes service account file read from the projected volume path
Synopsis
Description
An unusual process opened a Kubernetes service account file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.
Suspicious Kubernetes service account token read by an unusual process
Synopsis
Description
An unusual process opened the Kubernetes service account token file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.
Suspicious Kubernetes service account file read by an unusual process
Synopsis
Description
An unusual process opened a Kubernetes service account file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.
Suspicious Kubernetes service account token read
Synopsis
Description
An unusual process opened the Kubernetes service account token file for the first time.
Attacker's Goals
Utilize the Kubernetes service account files to perform additional actions on the cluster.
Investigative actions
- Check the exposed Kubernetes service account usage in the cluster.
- Check if any other suspicious activity was performed inside the pod.