Hackers Exploit Misconfigured Docker APIs to Mine Cryptocurrency via Tor Network
Briefly

Cybersecurity company Trend Micro revealed a campaign in which attackers exploit misconfigured Docker APIs to infiltrate containerized environments for stealthy cryptocurrency mining. By routing their activity through the Tor network, the adversaries mask their origin while launching the attacks from a single IP address. If no usable container exists, they create a new one from the 'alpine' Docker image with the host machine's root directory mounted into it, granting access to the host filesystem. They then execute shell scripts that set up Tor and download further malicious scripts from .onion domains, improving both their anonymity and their ability to evade detection.
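Two conditions in the summary are checkable from the defender's side: a Docker API reachable over TCP without TLS verification, and a container that bind-mounts the host's root directory. The script below is an added example and not code from Trend Micro or The Hacker News; it audits a `daemon.json` fragment and `docker inspect`-style JSON for those two conditions. The sample daemon configuration, container names, IDs and mounts are constructed for illustration.

```python
"""Audit Docker daemon settings and container metadata for the two exposure
conditions described above (added example, not from the original article)."""
import json
from typing import Dict, List

# Constructed sample of /etc/docker/daemon.json: the API listens on TCP
# with no "tlsverify" setting, which is the misconfiguration in the story.
SAMPLE_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed sample resembling `docker inspect` output for two containers.
# The second one is an 'alpine' container with the host root bind-mounted.
SAMPLE_INSPECT = json.dumps([
    {
        "Id": "aaa111",
        "Name": "/web",
        "Config": {"Image": "nginx:1.25"},
        "HostConfig": {"Binds": ["/srv/www:/usr/share/nginx/html:ro"]},
        "Mounts": [{"Type": "bind", "Source": "/srv/www",
                    "Destination": "/usr/share/nginx/html"}],
    },
    {
        "Id": "bbb222",
        "Name": "/kind_euler",
        "Config": {"Image": "alpine"},
        "HostConfig": {"Binds": ["/:/host"]},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/host"}],
    },
])


def daemon_api_findings(daemon_json: str) -> List[str]:
    """Flag every TCP API listener in daemon.json when tlsverify is not enabled."""
    cfg = json.loads(daemon_json)
    tls_enforced = bool(cfg.get("tlsverify", False))
    findings = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://") and not tls_enforced:
            findings.append(f"API listener {host} has no tlsverify")
    return findings


def host_root_mounts(inspect_json: str) -> List[Dict[str, str]]:
    """Return containers whose HostConfig.Binds or Mounts expose the host '/'."""
    hits = []
    for container in json.loads(inspect_json):
        sources = set()
        for bind in container.get("HostConfig", {}).get("Binds") or []:
            sources.add(bind.split(":", 1)[0])          # host side of "src:dst[:opts]"
        for mount in container.get("Mounts") or []:
            if mount.get("Type") == "bind":
                sources.add(mount.get("Source", ""))
        if "/" in sources:
            hits.append({
                "id": container["Id"],
                "name": container["Name"],
                "image": container.get("Config", {}).get("Image", ""),
            })
    return hits


def audit(daemon_json: str, inspect_json: str) -> Dict[str, list]:
    """Combine both checks into one report dictionary."""
    return {
        "api": daemon_api_findings(daemon_json),
        "host_root_mounts": host_root_mounts(inspect_json),
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_DAEMON_JSON, SAMPLE_INSPECT), indent=2))
```

On a real host, feed `audit()` the contents of `/etc/docker/daemon.json` and the output of `docker inspect $(docker ps -aq)`; a container that matches the second check while running an image such as `alpine` that nothing in your deployment explains is worth treating as an incident rather than a cleanup item.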
"Attackers are exploiting misconfigured Docker APIs to gain access to containerized environments, then using Tor to mask their activities while deploying crypto miners."
"It reflects a common tactic used by attackers to hide command-and-control (C&C) infrastructure, avoid detection, and deliver malware or miners within compromised cloud or container environments."
Read at The Hacker News