Sysdig discovered a sophisticated operation, named SCARLETEEL, targeting public-facing web apps running in a self-managed Kubernetes cluster hosted on AWS to steal proprietary data. Cybercriminals camouflage their campaigns as cryptojacking operations, however, their agenda is to steal sensitive data and credentials from targeted systems. Organizations and individuals are suggested to adopt extra measures, such as conducting frequent audits and securing vulnerable applications to reduce the potential attack surface.