Tag: container exploitation

A sophisticated attack campaign exploits exposed Docker Remote APIs and leverages the Tor network to deploy stealthy cryptocurrency miners. The attackers gain access to containerized environments, use Tor to mask their activities, and employ the ZStandard compression algorithm for efficient payload…

An unknown threat actor is exploiting exposed Docker Remote API servers to deploy the perfctl malware. The attack sequence involves probing the server, creating a Docker container with specific settings, and executing a Base64 encoded payload. The payload escapes the container, creates a bash scrip…