Attackers Abuse Kubernetes DNS to Extract Git Credentials from ArgoCD

A newly discovered attack method targeting ArgoCD and Kubernetes that could give red-teamers fresh ammo and blue-teamers fresh headaches.

This technique lets an attacker abuse Kubernetes DNS to steal powerful Git credentials from ArgoCD, potentially taking over entire Git accounts.

Why Target ArgoCD and Kubernetes?

In 2025, data exfiltration attacks are a major threat in cybersecurity, especially as attackers hunt for secrets stored in automation tools and continuous delivery pipelines.

ArgoCD is widely considered the gold standard for GitOps and Kubernetes CI/CD, making it a popular target.

Raise awareness of a new exfiltration method and show how attackers might use Kubernetes’ internal DNS to compromise Git credentials stored in ArgoCD, especially those that give access to private source code and secrets.

While ArgoCD is the most famous GitOps tool, others offering similar integration could also be vulnerable to variations of this attack, as per a report by Security Researcher ...