Malware dubbed Siloscape targets Windows containers to compromise Kubernetes clusters, with the end goal of backdooring them and paving the way for attackers to abuse them in other malicious activities. Unit 42 security researcher Daniel Prizmant identified 23 active victims and found that the malware’s C2 server was hosting 313 users in total, hinting at a larger campaign. The malware exploits known vulnerabilities impacting web servers and databases to gain its initial foothold. The attack is the first one to target Windows containers in cloud environments.
Source: https://www.bleepingcomputer.com/news/security/new-kubernetes-malware-backdoors-clusters-via-windows-containers/

