ShadowV2 Botnet: Exploiting AWS Docker Containers for DDoS Attacks
Author: Infosec Now
Uploaded: 2026-01-18
Views: 1
In this video, we explore the emergence of the ShadowV2 botnet, a sophisticated new threat targeting misconfigured Docker containers on Amazon Web Services (AWS). Discovered on June 24, 2025, by cybersecurity researchers at Darktrace, this botnet allows customers to rent access for conducting distributed denial-of-service (DDoS) attacks. We'll break down the mechanics of this botnet, its command-and-control infrastructure, and the implications for organizations worldwide.
What you'll learn:
The operational details of the ShadowV2 botnet and its unique methods.
The timeline of its discovery and the advanced techniques employed.
The potential impact on various sectors and actionable steps for organizations to bolster their defenses.
The ShadowV2 botnet primarily exploits misconfigured Docker containers on AWS cloud servers, deploying Go-based malware that turns infected systems into nodes for DDoS attacks. The campaign is notable for its sophisticated attack toolkit, which includes advanced techniques like HTTP/2 Rapid Reset and bypassing Cloudflare's Under Attack mode. The command-and-control framework is hosted on GitHub Codespaces, showcasing the evolving nature of cybercrime-as-a-service.
The botnet's design allows operators to easily configure and execute attacks through a user-friendly interface, indicating a shift towards modular and accessible cybercrime tools. As organizations increasingly rely on cloud infrastructure, the risk posed by such botnets becomes paramount. Cybersecurity experts emphasize the need for stringent security practices, including regular audits of cloud configurations and implementing robust access controls.
Furthermore, the ongoing battle against DDoS attacks is highlighted by recent incidents where Cloudflare reported blocking record-setting attacks. This context underscores the urgency for organizations to remain vigilant and proactive in their cybersecurity strategies.
As we delve deeper into the implications of the ShadowV2 botnet, we will also discuss what steps organizations can take to mitigate risks and prepare for potential attacks. This includes enhancing their security posture and ensuring proper configurations of cloud services.
Stay tuned as we unpack the details surrounding the ShadowV2 botnet and its impact on the cybersecurity landscape, providing insights for both professionals and the general public. Understanding these threats is crucial in an era where cyber attacks are becoming increasingly sophisticated and prevalent.