Tag: container security

3 Attack Reports | 0 Vulnerabilities

Attack reports

Docker Gatling Gun Campaign

Recent research has uncovered a new malicious campaign orchestrated by the notorious hacking group TeamTNT. This campaign exploits exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, utilizing compromised servers and Docker Hub as infrastructure for spreading their mali…
campaign
sliver
malicious
cryptomining
docker
tsunami
2024-10-26
exposed-daemons
cloud-native
container-security
docker-swarm
docker-hub
2024-10-29
prochider
Published: October 29, 2024
Downloadable IOCs: 11

Using gRPC and HTTP/2 for Cryptominer Deployment: An Unconventional Approach

A malicious actor has been observed targeting Docker remote API servers to deploy the SRBMiner cryptominer for mining XRP cryptocurrency. The attacker utilizes the gRPC protocol over h2c (clear text HTTP/2 protocol) to evade security measures and execute cryptomining operations on Docker hosts. The…
cryptomining
docker
container security
2024-10-22
http/2
xrp
grpc
remote api
srbminer
Published: October 22, 2024
Downloadable IOCs: 2

Threat Actors leverage Docker Swarm and Kubernetes to mine cryptocurrency at scale

A new cryptojacking campaign targeting Docker Engine API has been discovered, with the ability to move laterally to Docker Swarm, Kubernetes, and SSH servers. The attackers exploit exposed Docker API endpoints to deploy cryptocurrency miners and additional malicious payloads. They utilize Docker Hu…
xmrig
kubernetes
cryptojacking
docker
2024-09-25
container security
docker swarm
Published: September 25, 2024
Downloadable IOCs: 41
Click here to see more Attack Reports