
ShadowV2 DDoS Service Lets Customers Self-Manage Attacks


A newly discovered distributed denial-of-service (DDoS) botnet targets misconfigured Docker containers for infection and offers a new service model where customers launch their own attacks, Darktrace reports.

The operation, named ShadowV2, breaks the traditional DDoS service model with the use of a Python-based command-and-control (C&C) platform hosted on GitHub CodeSpaces, and a sophisticated attack toolkit that combines traditional malware with modern DevOps technology.

The infection chain starts with a Python script hosted on GitHub CodeSpaces, which allows the attackers to interact with Docker to create containers. The attackers target Docker daemons running on AWS cloud instances that are accessible from the internet.

Instead of using images from Docker Hub or uploading a pre-prepared image, the attackers spawn a generic ‘setup’ container. They then deploy various tools inside it, create a new image of the customized container, and deploy it as a live container.
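For defenders, the build-on-host sequence described above leaves a trail in the Docker event stream. The following is an added example (not from Darktrace or the original article) that flags a container commit followed shortly by a container created from the committed image. It assumes events in the shape of `docker events --format '{{json .}}'` output; the sample events, names and 10-minute window are constructed.

```python
import json

# Constructed sample, one JSON event per line (assumed field layout).
SAMPLE_EVENTS = """\
{"Type":"container","Action":"create","time":1000,"Actor":{"ID":"aaa111","Attributes":{"image":"ubuntu:latest","name":"setup"}}}
{"Type":"container","Action":"commit","time":1060,"Actor":{"ID":"aaa111","Attributes":{"image":"ubuntu:latest","name":"setup","imageRef":"custom:v1"}}}
{"Type":"container","Action":"create","time":1065,"Actor":{"ID":"bbb222","Attributes":{"image":"custom:v1","name":"worker"}}}
{"Type":"container","Action":"create","time":1100,"Actor":{"ID":"ccc333","Attributes":{"image":"nginx:1.27","name":"web"}}}
"""

def find_commit_then_run(lines, window_s=600):
    """Return findings where an image committed on this host is run soon after."""
    committed = {}  # image ref or ID -> (source container name, base image, commit time)
    findings = []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate truncated or non-JSON lines in the log
        if ev.get("Type") != "container":
            continue
        attrs = ev.get("Actor", {}).get("Attributes", {})
        action, ts = ev.get("Action", ""), ev.get("time", 0)
        if action == "commit":
            # Remember the new image under every identifier the event carries.
            for key in ("imageRef", "imageID"):
                if attrs.get(key):
                    committed[attrs[key]] = (attrs.get("name"), attrs.get("image"), ts)
        elif action == "create":
            src = committed.get(attrs.get("image"))
            if src and ts - src[2] <= window_s:
                findings.append({
                    "setup_container": src[0],
                    "base_image": src[1],
                    "committed_image": attrs.get("image"),
                    "new_container": attrs.get("name"),
                    "seconds_after_commit": ts - src[2],
                })
    return findings

if __name__ == "__main__":
    for f in find_commit_then_run(SAMPLE_EVENTS.splitlines()):
        print(f)
```

Legitimate workflows also use `docker commit`, so a hit is a hunting lead to correlate with who called the Docker API, not a verdict.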

The container, Darktrace notes, acts as a ...


Copyright of this story solely belongs to securityweek.