Security News > 2021 > June > 'Siloscape' Malware Targets Windows Server Containers
A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.
Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and perform various other nefarious activities.
According to Palo Alto Networks researcher Daniel Prizmant, Siloscape has snagged at least 23 victims to date, but the malware is believed to be part of a larger campaign.
Typically, an attack starts with the malware operators abusing a known vulnerability to gain remote code execution inside a Windows container, which is then used to run Siloscape.
Next, the malware escapes the container to compromise the host, checks if the host has privileges to create new Kubernetes deployments, and connects to the C&C server using Tor.
Given that Siloscape targets Windows Server containers, administrators should make sure their cloud environments are properly secured and configured.
News URL
Related news
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (source)
- FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Steam pulls game demo infecting Windows with info-stealing malware (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
- APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (source)
- Recent Windows Server 2025 updates cause Remote Desktop freezes (source)
- Outlaw Group Uses SSH Brute-Force to Deploy Cryptojacking Malware on Linux Servers (source)