ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
сент. 23, 2025
Botnet / Cloud Security
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes and co-opt them into a larger DDoS botnet. The cybersecurity company said it detected the malware targeting its honeypots on June 24, 2025. "At the center of this campaign is a Python-based command-and-control (C2) framework hosted on GitHub Codespaces," security researcher Nathaniel Bill said in a report shared with The Hacker News. "What sets this campaign apart is the sophistication of its attack toolkit. The threat actors employ advanced methods such as HTTP/2 Rapid Reset , a Cloudflare under attack mode ( UAM ) bypass, and large-scale HTTP floods, demonstrating a capabi...
