Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
Alert: OracleIV DDoS Botnet Targets Public Docker Engine APIs to Hijack Containers
14 November 2023
Publicly-accessible Docker Engine API instances are being targeted by threat actors as part of a campaign designed to co-opt the machines into a distributed denial-of-service (DDoS) botnet dubbed OracleIV.
"Attackers are exploiting this misconfiguration to deliver a malicious Docker container, built from an image named 'oracleiv_latest' and containing Python malware compiled as an ELF executable