The cyber sleuths over at Cado Security just pulled the curtain back on an advanced cyber onslaught they’re calling “Commando Cat.” And guess what? It’s been prowling around the digital world since the early days of 2024, marking it as the second such discovery in a mere couple of months.
So, what’s the deal with Commando Cat? The attackers are quite crafty, using exposed Docker API endpoints as their playground. They kick things off with a payload that’s as sneaky as it is heavily dependent on their command-and-control server, making Docker their gateway into the targets. The first container they deploy is like a Trojan horse: it looks harmless but is anything but. It’s built using the Commando open-source tool, and it’s just the first step in their plan to break free from the container and unleash havoc on the Docker host itself.
And the chaos they aim to unleash? It’s all about the short-term gains. They’re looking to dig in deep for persistence, sneak in backdoors, swipe cloud service credentials, and fire up cryptocurrency miners. Speaking of which, the star of their mining show is XMRig, the miner of choice for Monero (XMR). Why Monero, you ask? Well, it’s the go-to for privacy buffs, practically leaving no trace behind.
Stolen files are stored in a unique folder
In a twist, the Commando Cat crew has a trick up their sleeve for hiding their loot, opting for a unique folder to stash stolen files. It’s a slick move that’s giving digital forensic teams a real headache. As for the masterminds behind this feline-named fiasco? The jury’s still out. While there’s some overlap with another notorious group, TeamTNT, in terms of shell scripts and command-and-control (C2) IP addresses, the Cado team isn’t convinced they’re the culprits. Instead, they’re eyeing a copycat gang as the likely perpetrators.
For those of you running Docker, it’s time to batten down the hatches. Updating your Docker instances and fortifying your digital defenses is the call of the hour, as per the wise words from Cado Security.
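Since the whole campaign starts with a Docker API left reachable over the network, the first thing to check on your own hosts is how the daemon is listening. The audit below is an added example written for this post, not code from Cado Security or the Commando project; it parses a `daemon.json` (the sample configurations are constructed) and grades each listener in the `hosts` list, treating an unauthenticated `tcp://` listener on a non-loopback address as critical.

```python
import json
from urllib.parse import urlsplit

# Constructed sample daemon.json contents for illustration (not from the Cado report).
SAMPLE_CONFIGS = {
    "unix-only": '{"hosts": ["unix:///var/run/docker.sock"]}',
    "tcp-open": '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}',
    "tcp-tls": '{"hosts": ["tcp://0.0.0.0:2376"], "tlsverify": true, "tlscacert": "/etc/docker/ca.pem"}',
    "tcp-local": '{"hosts": ["tcp://127.0.0.1:2375"]}',
}

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def audit_daemon_hosts(config_text):
    """Return (listener, severity, reason) for every Docker API listener in a daemon.json.

    severity is "ok", "warn" (reachable only from the host itself) or "critical"
    (reachable from the network with no client-certificate verification)."""
    cfg = json.loads(config_text)
    tlsverify = bool(cfg.get("tlsverify", False))
    tls_only = bool(cfg.get("tls", False)) and not tlsverify  # encrypts, but does not authenticate
    findings = []
    # Docker defaults to the local unix socket when "hosts" is absent.
    for host in cfg.get("hosts", ["unix:///var/run/docker.sock"]):
        parts = urlsplit(host)
        if parts.scheme in ("unix", "fd", "npipe"):
            findings.append((host, "ok", "local socket, protected by filesystem permissions"))
            continue
        if parts.scheme != "tcp":
            findings.append((host, "warn", "unrecognised listener scheme, review manually"))
            continue
        bind = parts.hostname or "0.0.0.0"  # "tcp://:2375" binds every interface
        if tlsverify:
            findings.append((host, "ok", "TCP listener, but clients must present a CA-signed certificate"))
        elif bind in LOOPBACK:
            findings.append((host, "warn", "unauthenticated TCP API, reachable from the local host only"))
        elif tls_only:
            findings.append((host, "critical", "tls without tlsverify: encrypted but any client can drive the daemon"))
        else:
            findings.append((host, "critical", "unauthenticated Docker API on the network: anyone who can connect can start containers as root"))
    return findings


def worst_severity(findings):
    order = {"ok": 0, "warn": 1, "critical": 2}
    return max((f[1] for f in findings), key=order.get, default="ok")


if __name__ == "__main__":
    for name, text in SAMPLE_CONFIGS.items():
        print(f"{name}: {worst_severity(audit_daemon_hosts(text))}")
        for listener, severity, reason in audit_daemon_hosts(text):
            print(f"    [{severity}] {listener}: {reason}")
```

Point it at your real `/etc/docker/daemon.json`, and remember that a `-H tcp://...` flag in the systemd unit's `ExecStart` has the same effect as a `hosts` entry and needs the same scrutiny.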
Stay safe out there, and keep an eye out for Commando Cat—it’s one clever adversary you don’t want sneaking through your digital back door.