Uncovering a Tor-Enabled Docker Exploit
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A sophisticated attack campaign exploits exposed Docker Remote API servers and routes its traffic through the Tor network to deploy stealthy cryptocurrency miners. The attackers gain access to containerized environments, use Tor to mask their activities, and distribute their payload compressed with the Zstandard (zstd) algorithm for efficient delivery. The attack sequence involves initial access through the unauthenticated Docker API, creation of a container with access to the host file system, deployment of a malicious script, modification of the host's SSH configuration for persistent access, installation of supporting tools, and finally execution of an XMRig cryptocurrency miner. The campaign particularly targets cloud-heavy sectors such as technology, finance, and healthcare. The attackers demonstrate advanced evasion techniques and their activity maps to multiple MITRE ATT&CK tactics and techniques.
OPENCTI LABELS :
tor,xmrig,docker,cryptocurrency mining,container exploitation,ssh backdoor,api abuse,zstandard compression
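Two checks a defender would want against the attack chain summarised above: whether the Docker daemon exposes its Remote API off-host without TLS client authentication (the initial-access condition), and whether any running container has the host file system bind-mounted or runs privileged (the shape of the attacker-created container that makes the host SSH modification possible). The following is an added example written for this page, not code from the report, Trend Micro, or NetmanageIT. The `daemon.json` and `docker inspect` structures it parses are Docker's own; the sample documents, the container names, and the list of sensitive host paths are constructed for the example.

```python
"""Offline triage for the Docker Remote API abuse chain described above.

Added example, not code from the report or from NetmanageIT. All sample data
below is constructed for this example; feed it real `daemon.json` text and
`docker inspect` JSON to use it against a live host.
"""
import json
from urllib.parse import urlsplit

# Host paths that give a container a direct route to SSH persistence on the host.
# This list is an assumption of the example, not an indicator from the report.
SENSITIVE_HOST_PATHS = ("/root/.ssh", "/etc/ssh", "/home", "/var/run/docker.sock")
LOOPBACK = ("127.0.0.1", "::1", "localhost")

# Constructed daemon.json: the weak setting (API on all interfaces, no TLS) ...
SAMPLE_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
# ... and the corrected one: TLS with mandatory client certificates (paths assumed).
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# Constructed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.dumps([
    {   # Benign application container: read-only bind of its own data directory.
        "Name": "/web",
        "Config": {"Image": "nginx:1.27"},
        "HostConfig": {"Binds": ["/srv/web:/usr/share/nginx/html:ro"], "Privileged": False},
        "Mounts": [{"Type": "bind", "Source": "/srv/web", "Destination": "/usr/share/nginx/html"}],
    },
    {   # Shape of the attacker-created container: host root bind-mounted, privileged.
        "Name": "/cleanup",
        "Config": {"Image": "alpine:latest"},
        "HostConfig": {"Binds": ["/:/hostroot"], "Privileged": True},
        "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hostroot"}],
    },
])


def audit_daemon_config(config_text):
    """Return findings for daemon listeners reachable off-host without TLS client auth."""
    cfg = json.loads(config_text)
    findings = []
    for entry in cfg.get("hosts", []):
        u = urlsplit(entry)
        if u.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local only
        host = u.hostname or "0.0.0.0"  # "tcp://:2375" means all interfaces
        if host in LOOPBACK:
            continue
        if not cfg.get("tlsverify"):
            findings.append(f"unauthenticated remote API on {entry}")
    return findings


def audit_container(container):
    """Return (name, findings) for one `docker inspect` record."""
    name = container.get("Name", "").lstrip("/")
    hc = container.get("HostConfig") or {}
    sources = [b.split(":", 1)[0] for b in (hc.get("Binds") or [])]
    sources += [m.get("Source", "") for m in (container.get("Mounts") or [])
                if m.get("Type") == "bind"]
    findings = []
    for src in sources:
        if src == "/":
            findings.append("host_root_mounted")
        elif any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS):
            findings.append(f"sensitive_host_path:{src}")
    if hc.get("Privileged"):
        findings.append("privileged")
    if hc.get("PidMode") == "host":
        findings.append("host_pid_namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("host_network")
    # Binds and Mounts describe the same bind twice; keep first occurrence only.
    deduped = []
    for f in findings:
        if f not in deduped:
            deduped.append(f)
    return name, deduped


def triage(inspect_text):
    """Map container name -> findings for every container that has any."""
    result = {}
    for c in json.loads(inspect_text):
        name, findings = audit_container(c)
        if findings:
            result[name] = findings
    return result


if __name__ == "__main__":
    print("daemon (weak):", audit_daemon_config(SAMPLE_DAEMON_JSON))
    print("daemon (hardened):", audit_daemon_config(HARDENED_DAEMON_JSON))
    print("containers:", triage(SAMPLE_INSPECT))
```

On a real host, pipe `docker inspect $(docker ps -q)` into `triage` and the contents of `/etc/docker/daemon.json` into `audit_daemon_config`; a loopback-only listener is deliberately not flagged because it is not the exposure the campaign relies on. The hardened fragment keeps the API on the network but requires a client certificate signed by the configured CA, which is what `tlsverify` enforces.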