
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service

1 unique source, 1 article

Summary


The ShadowV2 botnet targets misconfigured Docker containers on AWS to deploy Go-based malware, turning infected systems into DDoS attack nodes. The botnet uses advanced DDoS techniques and a Python-based C2 framework hosted on GitHub Codespaces. It incorporates a Python-based spreader module to breach Docker daemons and a Go-based RAT for command execution and communication. The botnet is designed to offer a DDoS-for-hire service, with an extensive API and user interface. It was first detected on June 24, 2025. It uses sophisticated methods such as HTTP/2 Rapid Reset and Cloudflare Under Attack Mode (UAM) bypass. The C2 server is hosted behind Cloudflare, and the botnet leverages containerization and modular functionality to deliver attacks.

Timeline

  1. 23.09.2025 14:26 · 1 article · 9h ago

    ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service


Information Snippets