From botnet to business platform: ShadowV2 is not just malware, it is a marketplace. Darktrace uncovered a full operator interface built with Tailwind and FastAPI, complete with Swagger documentation, admin and user privilege tiers, blacklists, and modular attack options. The design mirrors legitimate SaaS platforms, featuring dashboards and animations that make DDoS as easy as clicking ‘start’.

Jason Soroko, senior fellow at Sectigo, sees this as part of a broader criminal trend. “This research points to a maturing criminal market where specialization beats sprawl. The presence of an API and full UI turns botnet into a problem, which shifts detection from host indicators toward control plane behaviors,” Soroko said.

Rather than isolated campaigns, defenders now face products with roadmaps, feature upgrades, and customer support models, Soroko added. Darktrace researchers echoed Soroko’s concerns, adding that countering ShadowV2 would need a layered approach including deep visibility into containerized environments, and behavioral analytics to flag anomalies in Docker APIs and container orchestration activity.

Misconfigured containers remain a go-to target, as seen in the ECScape flaw, exposed Kubernetes APIs, and the Silentbob worm attack, all showing how small oversights can expose DevOps to large-scale attacks.
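The recommendation above, that defenders watch control-plane behaviour rather than host indicators, can be made concrete with a small detector over Docker API audit records. The following is an added example, not code from Darktrace or from the article: it takes a few constructed JSON audit records (the record schema with `source`, `method`, `path` and `body` fields is an assumption, not a real Docker daemon log format) and flags calls that arrive from a source outside an allowlist, container creates that request `Privileged` mode or bind-mount the host root, and images pulled from a registry that is not on the approved list. The allowlists and registry names are constructed placeholders.

```python
"""Flag anomalous Docker API activity in constructed audit records (added example)."""
from __future__ import annotations

import json
from dataclasses import dataclass, field

# Constructed sample records. The schema is an assumption for this example and
# is not the Docker daemon's own log format; a reverse proxy or audit hook in
# front of the API would need to emit something like it.
SAMPLE_LOG_LINES = [
    '{"ts":"2025-01-01T10:00:00Z","source":"unix:///var/run/docker.sock","method":"POST",'
    '"path":"/v1.43/containers/create","body":{"Image":"registry.example.internal/web/nginx:1.25",'
    '"HostConfig":{"Privileged":false}}}',
    '{"ts":"2025-01-01T10:01:12Z","source":"tcp://203.0.113.45:51234","method":"POST",'
    '"path":"/v1.43/containers/create","body":{"Image":"docker.io/library/alpine:latest",'
    '"HostConfig":{"Privileged":true,"Binds":["/:/host"]}}}',
    '{"ts":"2025-01-01T10:02:00Z","source":"tcp://10.0.0.7:40000","method":"GET",'
    '"path":"/v1.43/containers/json"}',
    '{"ts":"2025-01-01T10:03:30Z","source":"tcp://198.51.100.9:44100","method":"GET",'
    '"path":"/v1.43/version"}',
]

# Constructed allowlists: the local socket plus one orchestration host, and one
# internal registry prefix. Real deployments would load these from config.
ALLOWED_SOURCES = {"unix:///var/run/docker.sock", "tcp://10.0.0.7"}
ALLOWED_REGISTRIES = ("registry.example.internal/",)


@dataclass
class Finding:
    line_no: int
    severity: str
    reasons: list[str] = field(default_factory=list)


def source_prefix(source: str) -> str:
    """Strip the ephemeral client port from tcp:// sources so the allowlist can
    match on host alone; unix sockets are returned unchanged. IPv6 literals are
    not handled here."""
    if source.startswith("tcp://"):
        host = source[len("tcp://"):].rsplit(":", 1)[0]
        return "tcp://" + host
    return source


def analyse_record(rec: dict) -> list[str]:
    """Return the list of reasons a single audit record looks anomalous."""
    reasons: list[str] = []
    if source_prefix(rec.get("source", "")) not in ALLOWED_SOURCES:
        reasons.append("api call from unexpected source")

    # Container creation is where the dangerous parameters live.
    if rec.get("method") == "POST" and rec.get("path", "").endswith("/containers/create"):
        body = rec.get("body", {})
        host_cfg = body.get("HostConfig", {})
        if host_cfg.get("Privileged"):
            reasons.append("privileged container requested")
        if any(bind.split(":", 1)[0] == "/" for bind in host_cfg.get("Binds", [])):
            reasons.append("host root filesystem bind mount")
        image = body.get("Image", "")
        if not image.startswith(ALLOWED_REGISTRIES):
            reasons.append(f"image from unapproved registry: {image}")
    return reasons


def scan(lines: list[str]) -> list[Finding]:
    """Run analyse_record over raw log lines and collect one Finding per noisy record."""
    findings: list[Finding] = []
    for line_no, line in enumerate(lines, start=1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            findings.append(Finding(line_no, "low", ["unparseable record"]))
            continue
        reasons = analyse_record(rec)
        if not reasons:
            continue
        # Anything touching container creation is high; a bare off-allowlist call is medium.
        severity = "high" if any(r != "api call from unexpected source" for r in reasons) else "medium"
        findings.append(Finding(line_no, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG_LINES):
        print(f"line {f.line_no} [{f.severity}]: " + "; ".join(f.reasons))
```

Running the block prints two findings: the create from 203.0.113.45 is high (off-allowlist source, privileged, host root bind, unapproved image) and the `/version` probe from 198.51.100.9 is medium. The point of the allowlist on source is that a Docker API reachable over TCP from anywhere is itself the misconfiguration; the other checks catch what a hostile create request typically asks for regardless of where it came from.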
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4061598/shadowv2-turns-ddos-into-a-cloud-native-subscription-service.html