New Linux malware campaign targets Docker, Apache Hadoop, Redis and Confluence – Cado Security

March 2024 by Cado Security

The campaign utilises unique and previously unreported payloads, including four Golang binaries that serve as tools to automate the discovery and infection of hosts running those services. The attackers use the tools to deliver exploit code that takes advantage of common misconfigurations and an n-day vulnerability, conducting Remote Code Execution (RCE) attacks to infect new hosts.

This extensive attack demonstrates the variety in initial access techniques available to cloud and Linux malware developers. Attackers are investing significant time into understanding the types of web-facing services deployed in cloud environments, keeping abreast of reported vulnerabilities and using this knowledge to gain a foothold in target environments.

