OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers

Threat actors are targeting publicly accessible Docker Engine API instances as part of a campaign to co-opt the machines into the OracleIV distributed denial-of-service (DDoS) botnet.

“Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named ‘oracleiv_latest’ and containing Python malware compiled as an ELF executable,” said Nate Bill and Matt Muir, researchers at Cado.

The malicious activity begins with an HTTP POST request to Docker’s API to retrieve a malicious image from Docker Hub, which then executes a command to retrieve a shell script.
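The misconfiguration the campaign relies on is a Docker Engine API reachable over the network without TLS client verification. The following is an added defender-side example, not code from the article or from Cado: it audits a `daemon.json` `hosts` list for plain-TCP listeners and flags running containers whose image name matches the one the article cites. The `daemon.json` layout, the `docker ps --format json` field names and the Docker Hub account in the sample data are assumptions, and all sample inputs are constructed.

```python
"""Defender-side checks for the exposed Docker Engine API misconfiguration.

Added example, not code from the article or from Cado. Assumptions (hypothetical):
- the daemon configuration is the standard /etc/docker/daemon.json "hosts" list;
- the container inventory is a list of dicts shaped like `docker ps --format json`
  output (only the "ID" and "Image" keys are used).
"""
import json
from urllib.parse import urlsplit

# Image name quoted in the article. This is only a string match; nothing is pulled.
SUSPICIOUS_IMAGE_NAMES = {"oracleiv_latest"}

# Loopback binds are treated as local-only; anything else is network-reachable.
LOCAL_BINDS = {"127.0.0.1", "::1", "localhost"}

# Constructed sample inputs (not taken from any real host).
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})
SAMPLE_CONTAINERS = [
    {"ID": "a1b2c3d4e5f6", "Image": "nginx:1.25"},
    # "example-account" is a constructed placeholder for a Docker Hub namespace.
    {"ID": "0badc0ffee11", "Image": "example-account/oracleiv_latest"},
]


def daemon_config_findings(daemon_json: str) -> list[str]:
    """Return findings for each Engine API listener that is exposed over TCP.

    A tcp:// listener bound to a non-loopback address with no "tlsverify"
    lets anyone who can reach the port create and start containers.
    """
    cfg = json.loads(daemon_json)
    tls_verify = bool(cfg.get("tlsverify", False))
    findings = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local-only
        bind = parts.hostname or ""  # "" means "all interfaces"
        if bind in LOCAL_BINDS:
            continue
        if not tls_verify:
            findings.append(
                f"{host}: Engine API reachable over TCP without TLS client verification"
            )
        else:
            findings.append(
                f"{host}: Engine API network-reachable; confirm the TLS CA is restricted"
            )
    return findings


def suspicious_containers(containers: list[dict]) -> list[str]:
    """Return IDs of containers whose image repository name matches the campaign."""
    hits = []
    for c in containers:
        image = c.get("Image", "")
        # Strip registry/namespace prefix, then any ":tag" or "@digest" suffix.
        repo = image.rsplit("/", 1)[-1]
        repo = repo.split("@", 1)[0].split(":", 1)[0]
        if repo in SUSPICIOUS_IMAGE_NAMES:
            hits.append(c.get("ID", "?"))
    return hits


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(f"[{label}]")
        for finding in daemon_config_findings(cfg) or ["no exposed listeners"]:
            print("  ", finding)
    print("suspicious containers:", suspicious_containers(SAMPLE_CONTAINERS))
```

The hardened configuration still produces a finding, by design: a TLS-protected listener on all interfaces is acceptable only when the CA that issues client certificates is under your control, so the check asks the operator to confirm that rather than silently passing it.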
