Researchers from cybersecurity vendor CrowdStrike have detected a denial-of-service (DoS) attack compromising Docker Engine honeypots to target Russian and Belarusian websites amid the ongoing Russia-Ukraine war. According to the firm, the honeypots were compromised four times between February 27 and March 1, 2022, with two different Docker images that both share target lists that overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army.
CrowdStrike has therefore linked the attacks to pro-Ukrainian activity against Russia. It has also warned of the risk of retaliatory activity by threat actors supporting the Russian Federation against organizations being leveraged to conduct disruptive attacks against government, military, and civilian websites.