Uncovering a Tor-enabled Docker exploit

Intel Name: Uncovering a Tor-enabled Docker exploit

Date of Scan: June 19, 2025

Impact: High

Summary:
Cybercriminals have crafted a new attack method that leverages misconfigured Docker remote APIs and the Tor network to conduct covert cryptocurrency mining. Once inside containerized environments, attackers use Tor to conceal their operations while deploying crypto miners. A notable aspect of this campaign is the use of zstd, a compression tool based on the Zstandard algorithm, chosen for its efficiency. Cloud-reliant sectors—such as tech firms, financial institutions, and healthcare providers—are particularly at risk.
