Gafgyt Malware Broadens Its Scope in Recent Attacks
Essential information
Description
Trend Micro researchers have identified threat actors exploiting misconfigured Docker servers to spread Gafgyt malware, traditionally known for targeting IoT devices. This shift in behavior involves attackers creating Docker containers based on legitimate 'alpine' images to deploy the malware. The attack sequence includes attempts to deploy various Gafgyt botnet binaries, with the potential to launch DDoS attacks on targeted servers. The malware uses hardcoded command-and-control server addresses and can perform DDoS attacks using multiple protocols. The attackers also employ privilege escalation techniques and attempt to discover local IP addresses. This new tactic represents a significant expansion of Gafgyt's targets beyond its usual scope.