In the reported attack campaign, Intezer indicated that a threat actor had accessed exposed Docker instances on the internet to install cryptomining software for mining Monero cryptocurrency.