Date: 2025-09-24

Network Security, Cloud Security

Novel ShadowV2 DDoS platform examined

SecurityWeek reports that unsecured Docker containers have been targeted by the newly emergent ShadowV2 distributed denial-of-service platform, which also enables its customers to launch their own DDoS attacks.

Attacks with ShadowV2 begin with a Python script hosted on GitHub Codespaces and aimed at compromising Docker daemons on internet-exposed AWS cloud instances, using a generic setup container that serves as a Go-based binary wrapper, according to an analysis from Darktrace.

Aside from leveraging configurable HTTP clients for HTTP flood attacks, the malware also supports HTTP/2 rapid resets and other mechanisms to circumvent detection.

Additional findings revealed ShadowV2's use of an authenticated user API and multiple account privilege levels, indicating that it operates as a DDoS-as-a-service platform. Similar sentiments have been expressed by Sectigo senior fellow Jason Soroko.

"Defenders should treat this as a product with a roadmap, watching for modular upgrades, abuse of legitimate cloud services, and new tenancy models rather than isolated campaigns," Soroko added.

