Safe Breach Labs cybersecurity experts: The threat actor infects victims via Farsi phishing emails with a PowerShell stealer malware.
Palo Alto Networks Unit 42: Siloscape targets Windows Containers to compromise Cloud environments. The malware, heavy obfuscated, attacks Kubernetes clusters to open a backdoor
Siloscape is the first known malware targeting Windows Containers to compromise Cloud environments. It has been discovered by Palo Alto Networks Unit 42 cybersecurity experts. The malicious code is heavily obfuscated and attacks Kubernetes clusters through Windows containers. Its main purpose is to open a backdoor into poorly configured clusters in order to run malicious containers. Moreover, to anonymously connect to its command and control (C2) server, Siloscape uses the Tor proxy and an .onion domain. Compromising an entire cluster is much more severe than compromising an individual one, as a cluster could run multiple cloud applications whereas an individual usually runs a single application. So, the attacker might be able to steal critical information. Furthermore, such an attack could even be leveraged as a ransomware by taking the organization’s files hostage.