Attackers Use Docker APIs, Tor Anonymity in Stealthy Crypto Heist
The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners.
Tor is an anonymity network that routes traffic through relays, supporting privacy while also complicating the investigation of online abuse.
Search across headline titles and summaries.
Background for this topic.
Tor is an open-source privacy network that routes Internet traffic through a sequence of volunteer-operated relays. Layered encryption limits what each relay can learn about the connection, helping users resist traffic monitoring, censorship, and location tracking. Tor also supports onion services, which are reachable within Tor without exposing a conventional server address. It provides anonymity protections, not a guarantee of anonymity or confidentiality.
Security practitioners should remember that Tor does not encrypt traffic beyond the network: an exit relay can observe unencrypted application data, so HTTPS and secure application design remain necessary. Endpoint compromise, unsafe browser configuration, fingerprinting, or opening downloaded content can also identify or harm a user. A powerful observer may correlate traffic entering and leaving the network. In enterprise investigations, Tor connections are useful leads but weak attribution evidence because many unrelated users share relay addresses; correlate them with authentication, endpoint, and application telemetry rather than treating a Tor IP as proof of malicious activity.
Weekly headline count for the current query.
The attack is similar to previous campaigns by an actor called Commando Cat to use misconfigured APIs to compromise containers and deploy cryptocurrency miners.
After claiming responsibility for the ransomware attack in 2024, the "Embargo" ransomware group posted 1.15 terabytes of stolen data to its public Tor site.
The innocuously named Russian-sponsored cyber threat actor has combined critical and serious vulnerabilities in Windows and Firefox products in a zero-click code execution exploit.
Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
Attackers are targeting cryptocurrency accounts belonging to users in Russia and more than 50 other countries.