Threat actors are abusing misconfigured Argo Workflows instances to deploy cryptocurrency miners on Kubernetes clusters. Threat actors gain access to such clusters via Internet-exposed Argo dashboards and deploy their own malicious workflows using various Monero miner containers. Attackers are already taking advantage of this vector as we detected operators dropping cryptominers using this method in the wild. Microsoft warned last month that cryptomining gangs were targeting machine learning (ML) infrastructure running on K8 clusters.
Source: https://www.bleepingcomputer.com/news/security/attackers-deploy-cryptominers-on-kubernetes-clusters-via-argo-workflows/