'Siloscape' Malware Targets Windows Server Containers (Security News, June 2021)
A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.
Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and perform various other nefarious activities.
According to Palo Alto Networks researcher Daniel Prizmant, Siloscape has snagged at least 23 victims to date, but the malware is believed to be part of a larger campaign.
Typically, an attack starts with the malware operators abusing a known vulnerability to gain remote code execution inside a Windows container, which is then used to run Siloscape.
Next, the malware escapes the container to compromise the host, checks if the host has privileges to create new Kubernetes deployments, and connects to the C&C server using Tor.
Given that Siloscape targets Windows Server containers, administrators should make sure their cloud environments are properly secured and configured.
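The privilege check in the attack chain above can be turned around for defence: an added example (not code from the article or from Palo Alto Networks) that evaluates Kubernetes RBAC rules offline and flags any role that would let a compromised workload identity create Deployments. The role names and rules are constructed samples, and the helper names are this example's own.

```python
"""Offline RBAC audit: which roles grant 'create' on Deployments?

Siloscape checks whether the identity it steals from the compromised node
can create new Kubernetes deployments. This helper evaluates PolicyRules
the way the Kubernetes RBAC authorizer does for resource requests, so an
operator can spot overly broad roles before an escape happens.
"""
from typing import Dict, Iterable, List


def _matches(rule_values: Iterable[str], wanted: str) -> bool:
    # Kubernetes treats "*" as a wildcard in apiGroups, resources and verbs.
    return "*" in rule_values or wanted in rule_values


def rule_allows(rule: dict, api_group: str, resource: str, verb: str) -> bool:
    """True if a single PolicyRule grants `verb` on `api_group/resource`."""
    return (_matches(rule.get("apiGroups", []), api_group)
            and _matches(rule.get("resources", []), resource)
            and _matches(rule.get("verbs", []), verb))


def can_create_deployments(rules: List[dict]) -> bool:
    """Deployments live in the `apps` API group; any matching rule suffices."""
    return any(rule_allows(r, "apps", "deployments", "create") for r in rules)


# Constructed sample roles (hypothetical, not taken from any real cluster).
ROLES: Dict[str, List[dict]] = {
    "pod-reader": [{"apiGroups": [""], "resources": ["pods"],
                    "verbs": ["get", "list"]}],
    "deploy-manager": [{"apiGroups": ["apps"], "resources": ["deployments"],
                        "verbs": ["create", "update"]}],
    "cluster-admin-like": [{"apiGroups": ["*"], "resources": ["*"],
                            "verbs": ["*"]}],
}


def risky_roles(roles: Dict[str, List[dict]]) -> List[str]:
    """Names of roles that would let a compromised workload create Deployments."""
    return sorted(name for name, rules in roles.items()
                  if can_create_deployments(rules))


if __name__ == "__main__":
    for name in risky_roles(ROLES):
        print(f"role {name!r} can create Deployments; "
              "check whether the workloads bound to it really need that")
```

Feeding the rules of real ClusterRoles and Roles (for example from `kubectl get clusterroles -o json`) into `risky_roles` gives the list of bindings worth reviewing for least privilege.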