Security News > 2020 > June > XORDDoS, Kaiji DDoS Botnets Target Docker Servers
The distributed denial-of-service botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday.
Trend Micro has recently spotted variants that also target Docker servers.
The main difference between how XORDDoS and Kaiji target Docker servers is that the former infects all existing containers on the server, while the latter deploys the malware in its own container.
Once it has compromised a Docker server, XORDDoS runs a series of commands to identify containers and infect them with the malware that helps threat actors launch DDoS attacks, including SYN, ACK and DNS attacks.
Trend Micro researchers have also found a link between XORDDoS and a DDoS botnet tracked as AESDDoS and Dofloo, which has been known to target Docker.
News URL
Related news
- New Cryptojacking Attack Targets Docker API to Create Malicious Swarm Botnet (source)
- New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Perfctl malware strikes again as crypto-crooks target Docker Remote API servers (source)