You're listening to the CyberWire Network, powered by N2K.

Today's episode is sponsored by SRM, your first call for cybersecurity and

investigations. Threats today are evolving faster than ever before and since 2005 SRM has pioneered

tailored security solutions for global corporations and their executives.

Whether it's defending against cyber attacks with their award-winning team of ethical hackers and incident response specialists,

or navigating the murky waters of compliance and ESG challenges,

SRMs, Insight and Straight straightforward advice will help you navigate complex risks

and emerge more resilient.

Their secret, a culture that nurtures the sharpest minds, giving them access to the newest technologies and the freedom

to solve problems in new ways, enabling them to craft simple effective solutions for your

unique cyber challenges.

Search your first call to discover how SRM can help your business. Hello everyone and welcome to the CyberWire's research Saturday.

I'm Dave Bitner and this is our weekly conversation with researchers and analysts tracking down the threats and vulnerabilities,

solving some of the hard problems of protecting ourselves in a rapidly evolving cyberspace.

Thanks for joining us. You know, we're always looking for the adversary's view of software supply chains and we're seeing Kubernetes is a particularly interesting threat surface that people like to take advantage of.

That's Scott Fanning. He's senior director of Product Management and Cloud Security at Crowd

Strike.

We're discussing their research on the first ever Darrow-criptojacking operation targeting

Kubernetes infrastructure.

For folks who aren't working in Kubernetes day to day can you give us some insights as to

what makes it attractive for these sorts of threat actors?

Sure I mean you know think of Kubernetes as a orchestration plane for containers you know they allow

...