'Siloscape' Malware Targets Windows Server Containers (Security News, June 2021)

A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks.
Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and perform various other nefarious activities.
According to Palo Alto Networks researcher Daniel Prizmant, Siloscape has snagged at least 23 victims to date, but the malware is believed to be part of a larger campaign.
Typically, an attack starts with the malware operators abusing a known vulnerability to gain remote code execution inside a Windows container, which is then used to run Siloscape.
Next, the malware escapes the container to compromise the host, checks if the host has privileges to create new Kubernetes deployments, and connects to the C&C server using Tor.
Given that Siloscape targets Windows Server containers, administrators should make sure their cloud environments are properly secured and configured.
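
As an added example (not from the article or from Palo Alto Networks), the sketch below audits RBAC data for the condition the malware checks after the escape: a node identity that is allowed to create deployments. The role and binding names and the simplified object shape are constructed for illustration, and it assumes node credentials authenticate as the `system:nodes` group or a `system:node:<name>` user.

```python
# Constructed sample data: a simplified view of ClusterRoles and
# ClusterRoleBindings (real objects carry roleRef as a nested object).
ROLES = {
    "system:node": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list", "watch"]}],
    "legacy-node-admin": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
    "deployer": [{"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["create", "update"]}],
}
BINDINGS = [
    {"name": "nodes-default", "roleRef": "system:node",
     "subjects": [{"kind": "Group", "name": "system:nodes"}]},
    {"name": "win-nodes-admin", "roleRef": "legacy-node-admin",
     "subjects": [{"kind": "User", "name": "system:node:win-node-1"}]},
    {"name": "ci-deploy", "roleRef": "deployer",
     "subjects": [{"kind": "ServiceAccount", "name": "ci", "namespace": "build"}]},
]

def _matches(values, wanted):
    # RBAC treats "*" as a wildcard for API groups, resources and verbs.
    return "*" in values or wanted in values

def allows_create_deployments(rules):
    """True if any rule grants verb 'create' on 'deployments' in API group 'apps'."""
    return any(
        _matches(r.get("apiGroups", []), "apps")
        and _matches(r.get("resources", []), "deployments")
        and _matches(r.get("verbs", []), "create")
        for r in rules
    )

def is_node_identity(subject):
    """Assumed node identities: group system:nodes or user system:node:<name>."""
    if subject["kind"] == "Group":
        return subject["name"] == "system:nodes"
    return subject["kind"] == "User" and subject["name"].startswith("system:node:")

def risky_node_bindings(roles, bindings):
    """Return (binding, subject) pairs that let a node identity create deployments."""
    findings = []
    for b in bindings:
        if not allows_create_deployments(roles.get(b["roleRef"], [])):
            continue
        for s in b["subjects"]:
            if is_node_identity(s):
                findings.append((b["name"], s["name"]))
    return findings

if __name__ == "__main__":
    for binding, subject in risky_node_bindings(ROLES, BINDINGS):
        print(f"REVIEW: {binding} lets {subject} create deployments")
```

Any finding means a container escape on that node yields cluster-wide deployment rights, so the binding should be removed or narrowed.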