Execution: Cryptomining Docker Image

This document describes a threat finding type in Security Command Center. Threat findings are generated by threat detectors when they detect a potential threat in your cloud resources. For a full list of available threat findings, see Threat findings index.

Overview

A Cloud Run service or job was created or revised by adding a known bad docker image that can do cryptomining.

How to respond

The following response plan might be appropriate for this finding, but might also impact operations. Carefully evaluate the information you gather in your investigation to determine the best way to resolve findings.

To respond to this finding, do the following:

  1. Check the container image to determine if this was expected.
  2. Delete the compromised container and replace it with a new container.

What's next