The attack works on any Docker installation that exposes its API over TCP, which was (until recently) the default for Windows PCs running Docker for Windows, an application developers use to create and test containerized applications. “The attack endgame is a persistent remote code execution within the enterprise’s network,” Dulce said. “Persistence on the host computer is practically undetectable by existing security products from the host.”
https://threatpost.com/attack-uses-docker-containers-to-hide-persist-plant-malware/126992/
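To check a host for the precondition named above, the following added example (not from the article or from Docker) reads a `daemon.json` document and reports each API listener, separating TCP listeners that require client certificates (`tlsverify`) from those that accept any client. The sample configurations are constructed, and the function and verdict names are illustrative.

```python
import json

# Constructed sample daemon.json documents (not taken from the article).
SAMPLE_EXPOSED = '{"hosts": ["npipe://", "tcp://0.0.0.0:2375"]}'
SAMPLE_TLS = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_config(text):
    """Return a list of (host, verdict) pairs for the listeners in daemon.json.

    Verdicts:
      local-only          unix socket, named pipe or systemd fd
      tcp-mutual-tls      TCP listener, clients must present a certificate
      tcp-no-client-auth  TCP listener that any client able to connect can drive
    Listeners passed as dockerd -H flags are not in daemon.json and are not seen here.
    """
    cfg = json.loads(text)
    hosts = cfg.get("hosts") or []  # absent: daemon uses its local default only
    if isinstance(hosts, str):
        hosts = [hosts]
    # "tls": true alone encrypts the channel but does not authenticate clients;
    # only "tlsverify": true makes the daemon demand a client certificate.
    client_auth = bool(cfg.get("tlsverify"))
    findings = []
    for host in hosts:
        # Assumption: an entry without a scheme ("127.0.0.1:2375") is a TCP address.
        scheme = host.split("://", 1)[0].lower() if "://" in host else "tcp"
        if scheme != "tcp":
            verdict = "local-only"
        elif client_auth:
            verdict = "tcp-mutual-tls"
        else:
            verdict = "tcp-no-client-auth"
        findings.append((host, verdict))
    return findings


if __name__ == "__main__":
    for name, doc in (("exposed", SAMPLE_EXPOSED), ("tls", SAMPLE_TLS)):
        for host, verdict in audit_daemon_config(doc):
            print(f"{name:8} {host:32} {verdict}")
```

A loopback-bound TCP listener is still reported, since the condition described above is TCP exposure of the API, not the interface it binds to.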