The operation was known as Kiss-a-dog by the cybersecurity firm CrowdStrike, and it shared command-and-control infrastructure with other groups like TeamTNT that are known to attack improperly configured Docker and Kubernetes systems.
The incursions, which were discovered in September 2022, are named after a domain called “kiss.a-dog[.]top” that is used to execute a shell script payload on the compromised container using a Python command that is Base64-encoded. Read More…