Siloscape is a new strain of malware that targets Windows Server containers to execute code on the underlying node and spread in the Kubernetes cluster. The attack chain starts with attacks on web servers and other cloud applications; the attackers then leverage container escape techniques to execute. The malicious code then searches the host for the kubectl.exe binary by name using a regular expression, via the global link to the host. The malware impersonates CExecSvc.exe to obtain the SeTcbPrivilege privilege, then creates a symbolic link to its local containerized X drive.
Source: https://securityaffairs.co/wordpress/118690/cyber-crime/siloscape-backdoor-kubernetes-clusters.html
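The chain summarized above has three observable stages that a detection can correlate per process: a token that now carries SeTcbPrivilege via CExecSvc.exe impersonation, a new drive letter created as a global symbolic link to a host volume, and a file-name search for kubectl.exe. The following is an added example written for this page, not Siloscape code and not any vendor's detection content; the telemetry schema (plain dicts with an `event` key), the event names, the sample events and the kubectl regex are all constructed for illustration.

```python
"""Correlate the three stages of the Windows container-escape chain over
normalised endpoint telemetry.  Added example; the schema and events are
constructed, not taken from Siloscape or from any real product."""
import re
from collections import defaultdict

# The page says the malware finds kubectl.exe "by name using a regular
# expression"; this particular pattern is an assumption, not the real one.
KUBECTL_RE = re.compile(r"(?:^|[\\/])kubectl\.exe$", re.IGNORECASE)
CEXECSVC_RE = re.compile(r"(?:^|[\\/])cexecsvc\.exe$", re.IGNORECASE)

# Object-manager prefixes: a drive letter defined under \Global?? is visible
# host-wide, and \Device\HarddiskVolumeN is a raw volume rather than a
# container-scoped path.
GLOBAL_LINK_PREFIX = "\\Global??\\"
HOST_VOLUME_PREFIX = "\\Device\\Harddisk"

# Constructed sample telemetry (assumed schema).  c1 hosts the malicious
# chain; c2 is noise from a legitimate container.
EVENTS = [
    # Legitimate: the container agent itself holds SeTcbPrivilege.
    {"event": "privilege_enabled", "container": "c1", "pid": 4400,
     "image": r"C:\Windows\System32\CExecSvc.exe", "privilege": "SeTcbPrivilege"},
    # Suspicious: a web-server child now presents a CExecSvc.exe token.
    {"event": "token_impersonation", "container": "c1", "pid": 5120,
     "image": r"C:\inetpub\temp\w.exe",
     "impersonated_image": r"C:\Windows\System32\CExecSvc.exe",
     "privilege": "SeTcbPrivilege"},
    # The same process maps a new drive letter to a host volume.
    {"event": "symlink_created", "container": "c1", "pid": 5120,
     "link": r"\Global??\X:", "target": r"\Device\HarddiskVolume3"},
    # ...and walks that drive looking for kubectl.exe.
    {"event": "file_enumeration", "container": "c1", "pid": 5120,
     "path": r"X:\Program Files\kube\kubectl.exe"},
    # Noise: a different container reading a log whose name merely contains "kubectl".
    {"event": "file_enumeration", "container": "c2", "pid": 7001,
     "path": r"C:\app\logs\kubectl.log"},
]


def stage_of(ev):
    """Map one telemetry event to a chain stage, or None if it is not one."""
    kind = ev.get("event")
    if kind == "token_impersonation":
        if (ev.get("privilege") == "SeTcbPrivilege"
                and CEXECSVC_RE.search(ev.get("impersonated_image", ""))):
            return "tcb_impersonation"
    elif kind == "symlink_created":
        if (ev.get("link", "").startswith(GLOBAL_LINK_PREFIX)
                and ev.get("target", "").startswith(HOST_VOLUME_PREFIX)):
            return "host_symlink"
    elif kind == "file_enumeration":
        if KUBECTL_RE.search(ev.get("path", "")):
            return "kubectl_search"
    return None


def correlate(events):
    """Group observed stages by (container, pid)."""
    stages = defaultdict(set)
    for ev in events:
        stage = stage_of(ev)
        if stage:
            stages[(ev["container"], ev["pid"])].add(stage)
    return dict(stages)


def alerts(events):
    """Raise an alert for any process that created a host-wide symlink and
    exhibited at least one other stage.  The symlink is the pivot because it
    is the step that actually crosses the container boundary."""
    out = []
    for (container, pid), seen in sorted(correlate(events).items()):
        if "host_symlink" in seen and len(seen) >= 2:
            out.append((container, pid, tuple(sorted(seen))))
    return out


if __name__ == "__main__":
    for container, pid, seen in alerts(EVENTS):
        print(f"ALERT container={container} pid={pid} stages={seen}")
```

Two design points carry over to real telemetry: the correlation key must be the process that performed the actions, not the identity it presents, because the whole point of the impersonation step is that the token looks like CExecSvc.exe; and the global-symlink stage is what distinguishes an escape from ordinary in-container activity, so it is the required element rather than the kubectl search, which can also be produced by benign tooling.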