Attackers who have permissions, can run malicious commands in containers in the cluster using exec command (kubectl exec
). In this method, attackers can use legitimate images, such as an OS image (e.g., Ubuntu) as a backdoor container, and run their malicious code remotely by using kubectl exec
.
For an example, please refer to “bash/cmd in container”.