OracleIV: Dockerized Botnet Launches DDoS Attack Against Docker Engine

CyberSecurity News – Guru
Cado Security Labs has uncovered a new cyber campaign that uses Docker Engine API vulnerabilities to spread a malicious container known as OracleIV.
This Python malware is delivered as an ELF executable and acts as a DDoS bot agent, capable of executing various attack techniques.
For initial access, the campaign repeatedly targets misconfigured Docker Engine APIs.
The malware is concealed within a Docker container image pulled from Docker Hub, published by the user “robbertignacio328832.” It is disguised with MySQL Docker image descriptions and contains hidden malicious payload commands.
Additionally, the bot connects to a command and control (C2) server and executes diverse forms of DDoS attacks, including UDP and SSL floods.
Cado Security Labs has reported OracleIV to Docker, prompting recommendations for users to exercise caution, conduct regular assessments, and defend against misconfigured internet-facing services.
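As a defensive check for the misconfiguration described above, the following added example (not from the article or from Cado Security Labs) audits a dockerd `daemon.json` for TCP listeners that accept unauthenticated clients. The function name, the sample configurations and the file paths in them are constructed for illustration; `hosts`, `tls` and `tlsverify` are dockerd's own configuration keys.

```python
import json
from urllib.parse import urlsplit

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_daemon_config(daemon_json_text):
    """Flag TCP listeners in a dockerd daemon.json that accept unauthenticated clients."""
    cfg = json.loads(daemon_json_text)
    tlsverify = bool(cfg.get("tlsverify", False))  # client certificates required
    tls_only = bool(cfg.get("tls", False)) and not tlsverify
    findings = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local sockets
        if tlsverify:
            continue  # mutual TLS: only clients holding a CA-signed cert can connect
        # A missing address is treated conservatively as "all interfaces" (assumption).
        addr = parts.hostname or "0.0.0.0"
        severity = "warning" if addr in LOOPBACK else "critical"
        if tls_only:
            reason = "TLS without tlsverify: traffic is encrypted but any client is accepted"
        else:
            reason = "plain TCP listener with no authentication"
        findings.append({"host": host, "severity": severity, "reason": reason})
    return findings

# Constructed sample configurations, not taken from the article.
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_NO_VERIFY = json.dumps({
    "hosts": ["tcp://0.0.0.0:2376"], "tls": True,
    "tlscert": "/etc/docker/server.pem", "tlskey": "/etc/docker/server-key.pem",
})
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server.pem", "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, text in [("exposed", EXPOSED), ("tls-no-verify", TLS_NO_VERIFY),
                       ("hardened", HARDENED)]:
        print(name, audit_daemon_config(text))
```

The check covers `daemon.json` only; listeners passed to dockerd with `-H` on the command line or in a systemd unit need the same review.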
Link: https://cybersecuritynews.com/oracleiv-dockerised-botnet/

