Kubernetes Clusters Targeted by Siloscape Malware

Palo Alto Networks’ Unit 42 researchers have revealed shocking details of a new malware that’s compromising Windows containers to target Kubernetes clusters. Researchers have dubbed it Siloscape.


It is regarded as an unusual piece of malware because it targets Windows containers, whereas Linux is the preferred OS for managing cloud environments and applications. 


Another interesting aspect of the report is that the researchers were able to access the C&C server and identified 23 active victims of the malware; in total, there were 313 victims.


What are Kubernetes Clusters?


Developed initially by Google, Kubernetes is now maintained by the Cloud Native Computing Foundation. It is an open-source system used to automate the scaling, deployment, and management of containerized services, workloads, and applications across clusters of hosts.


It organizes application containers into nodes (physical or virtual machines), pods, and clusters. Multiple nodes form a cluster, which is managed by a master that coordinates tasks such as updating or scaling apps.

Malware Discovered in March


According to Unit 42 researchers, the malware was discovered in March 2021. It has been named Siloscape because it aims to escape Windows containers through a server silo. It uses a Tor proxy and a .onion domain to communicate with its C&C server, which the malware operators use to exfiltrate data, send commands, and manage the malware.


How does it attack?


The malware is labeled as CloudMalware.exe. Rather than relying on Hyper-V isolation, it targets Windows containers running under a server silo and launches attacks by exploiting known ..
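Because Siloscape depends on Windows containers that run under a server silo rather than Hyper-V isolation, one defensive audit is to list the Windows pods in a cluster that do not request a Hyper-V RuntimeClass. The following is an added example, not code from the article or from Unit 42; it runs over a constructed list of pod specs and assumes the cluster names its Hyper-V runtime class `windows-hyperv` (the real name is cluster-specific).

```python
"""Audit Kubernetes pod specs for Windows containers that run without
Hyper-V isolation (i.e. under a server silo / process isolation).
Added example, not code from the article or from Unit 42."""

# Assumption: the cluster defines a RuntimeClass with this name whose
# handler runs Windows containers under Hyper-V isolation. The real name
# is chosen by the cluster administrator.
HYPERV_RUNTIME_CLASSES = {"windows-hyperv"}


def is_windows_pod(pod: dict) -> bool:
    """Treat a pod as Windows when it selects a Windows node through the
    standard kubernetes.io/os label. (Pods scheduled to Windows nodes via
    node affinity or taints would need extra handling.)"""
    selector = pod.get("spec", {}).get("nodeSelector", {})
    return selector.get("kubernetes.io/os") == "windows"


def find_process_isolated_windows_pods(pods) -> list:
    """Return 'namespace/name' for each Windows pod whose runtimeClassName
    is not a known Hyper-V runtime class. These pods share the host kernel
    with the node, which is the configuration Siloscape relies on."""
    findings = []
    for pod in pods:
        if not is_windows_pod(pod):
            continue
        if pod.get("spec", {}).get("runtimeClassName") in HYPERV_RUNTIME_CLASSES:
            continue
        meta = pod.get("metadata", {})
        findings.append(f"{meta.get('namespace', 'default')}/{meta.get('name', '?')}")
    return findings


# Constructed sample pods; in a live cluster the same dicts come from
# `kubectl get pods -A -o json` (the "items" list).
SAMPLE_PODS = [
    {"metadata": {"name": "iis-web", "namespace": "prod"},
     "spec": {"nodeSelector": {"kubernetes.io/os": "windows"}}},
    {"metadata": {"name": "iis-web-hv", "namespace": "prod"},
     "spec": {"nodeSelector": {"kubernetes.io/os": "windows"},
              "runtimeClassName": "windows-hyperv"}},
    {"metadata": {"name": "api", "namespace": "prod"},
     "spec": {"nodeSelector": {"kubernetes.io/os": "linux"}}},
]

if __name__ == "__main__":
    for finding in find_process_isolated_windows_pods(SAMPLE_PODS):
        print("process-isolated Windows pod:", finding)
```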
