Gafgyt Malware Broadens Its Scope in Recent Attacks
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Trend Micro researchers have identified threat actors exploiting misconfigured Docker servers to spread Gafgyt malware, traditionally known for targeting IoT devices. This shift in behavior involves attackers creating Docker containers based on legitimate 'alpine' images to deploy the malware. The attack sequence includes attempts to deploy various Gafgyt botnet binaries, with the potential to launch DDoS attacks on targeted servers. The malware uses hardcoded command-and-control server addresses and can perform DDoS attacks using multiple protocols. The attackers also employ privilege escalation techniques and attempt to discover local IP addresses. This new tactic represents a significant expansion of Gafgyt's targets beyond its usual scope.
OPENCTI LABELS :
botnet,docker,ddos,privilege-escalation,iot,gafgyt,bashlite,lizkebab,api,container
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Gafgyt Malware Broadens Its Scope in Recent Attacks