Security News > 2020 > December > Misconfigured Docker Servers Under Attack by Xanthe Malware
Researchers first discovered Xanthe targeting a honeypot, which they created with the aim of discovering Docker threats.
Misconfigured Docker servers are another way that Xanthe spreads.
Researchers said that Docker installations can be easily misconfigured and the Docker daemon exposed to external networks with a minimal level of security.
Various past campaigns have been spotted taking advantage of such misconfigured Docker installations; for instance, in September, the TeamTNT cybercrime gang was spotted attacking Docker and Kubernetes cloud instances by abusing a legitimate cloud-monitoring tool called Weave Scope.
In April, an organized, self-propagating cryptomining campaign was found targeting misconfigured open Docker Daemon API ports; and in October 2019, more than 2,000 unsecured Docker Engine hosts were found to be infected by a cyptojacking worm dubbed Graboid.
News URL
https://threatpost.com/misconfigured-docker-servers-xanthe-malware/161732/
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)