First Known Malware Targeting Windows Containers to Compromise Cloud Environments

Security Alert
Published June 7, 2021

Siloscape is the first known malware in the wild that targets Windows containers to run malicious applications. It is actively trying to exploit Windows Server containers, as well as Kubernetes, to spread. The malware is heavily obfuscated and targets Kubernetes clusters through Windows containers; its main purpose is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.

siloscape, kubernetes, windows server, hyperv, tor network, aks, windows containers, irc

T1090 – Proxy
T1059 – Command and Scripting Interpreter
T1106 – Native API
T1083 – File and Directory Discovery
T1055 – Process Injection
T1027 – Obfuscated Files or Information
T1036 – Masquerading
T1580 – Cloud Infrastructure Discovery
T1578 – Modify Cloud Compute Infrastructure
T1071 – Application Layer Protocol
T1610 – Deploy Container
