Skip to main content
banner image
venafi logo

Cyber Attackers Tap Cloud Native Technologies in Russia-Ukraine War

Cyber Attackers Tap Cloud Native Technologies in Russia-Ukraine War

March 18, 2022 | Brooke Crothers

The Russia-Ukraine conflict has galvanized the hacktivist community, drawing in groups such as Anonymous, which regularly engages in cyberattacks to support its causes. As part of the attack strategy, cloud native technologies are being used, according to Aqua, a cloud native security company.

Tale of 3 Clouds eBook: How Venafi Creates Digital Transformation

Aqua said it gathered data from public repositories that contain code and tools for targeting cyber-aggression on both sides of the conflict. Then it analyzed container images in Docker Hub and popular code libraries and software packages (including PyPI, NPM, Ruby), searching for names and text labels that called for action against either side.

This was first reported by ZDNet.

“As part of our research efforts, we regularly deploy honeypots, i.e., misconfigured cloud native applications based on Docker and Kubernetes or other widely used applications such as databases,” according to Aqua.

Of the public sources, about 40% of the packages were denial-of-service (DoS) activity aimed at online services. Aqua also found sources that suggested doxing of high-ranking individuals.

A whopping 84% of the targets were affiliated with IP addresses in Russia and only 16% in Ukraine.

Network and media organizations were attacked most often, Aqua said.

Containers weaponized

Containers were employed in attacks: 

These container images have published instructions and source code on GitHub, including a list of targets with Russian website addresses. Among other things, the guidelines explained how to initiate an attack and what tools to download, allowing non-professionals to launch an attack on their own.

"As we see, the repositories have played a major role in the ongoing virtual conflict, making cloud native tools widely available to a less technical audience. This once again shows that today you don’t have to be a skilled hacker to take part in cyber war.

--Cloud Native Technologies Used in Russia-Ukraine Cyber Attacks, Aqua, March 15, 2022

Other findings in the report include:

  • A container image that contains a DoS attack tool that targets financial data and service providers in Russia.
  • A container image with a DDoS attack tool over TCP protocol through multiple connection requests, which targets multiple service providers in Russia.
  • Both container images also included attack tools that initiate a DNS flood aimed at Russian banks.

The findings underscore the outsized role that individuals can play in a geopolitical conflict by distributing simple automated tools that allow less skilled actors to participate in a cyber war, Aqua concluded.

As cloud native development efforts gain momentum in large organizations everywhere, containers will continue to be used in new and interesting ways. Sometimes for good. Sometimes for bad. As such, it’s critical that you understand exactly how cloud native technologies are being used and who can access them in your organization.

Related Posts

Like this blog? We think you will love this.
Featured Blog

How DoS/DDoS Attacks Impact Machine Identity, Digital Certificates

For safe and secure utilization of machine identities such as SSL/TLS cer

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

Subscribe Now

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Brooke Crothers
Brooke Crothers
Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more