MITRE ATT&CK® Malware

S0623: Siloscape

Siloscape is malware that targets Kubernetes clusters through Windows containers. Siloscape was first observed in March 2021.[1]

Domain: Enterprise | ID: S0623 | Type: Malware | Object version: 1.0
Glexia's Take

Analyst context for executives and security teams

Analyst confidence: Medium

Siloscape matters because it is malware described by ATT&CK as targeting Kubernetes clusters through Windows containers: the mapped techniques describe initial access through a vulnerable public-facing application running in a Windows container, escape from the container to the host, and then use of kubectl to spread across the cluster, with command and control over IRC through Tor. For leaders, the practical risk is therefore not just a Windows host issue or just a container issue; it sits at the boundary between container platforms, cloud operations, privilege management, and incident response readiness.

Executive priority

Prioritize a review of Kubernetes environments that run Windows containers, especially where public-facing services, container administration interfaces, elevated permissions, or weak vulnerability management could create a path from initial access to privilege escalation and container escape. This object is also useful for board and audit conversations about whether cloud and container security evidence is actually collected, retained, and reviewed across both the Windows workloads and the Kubernetes control plane.

Technical view

ATT&CK does not provide a detection section for Siloscape, so defenders should build coverage from the mapped techniques: exploitation of a public-facing application for initial access (T1190), Windows command shell execution (T1059.003), container administration commands through kubectl (T1609), exploitation for privilege escalation and escape to the host (T1068, T1611), token impersonation of CExecSvc.exe (T1134.001), discovery of files, software, and permission groups (T1083, T1518, T1069), obfuscation and deobfuscation (T1027, T1140), native API use (T1106), and application-layer C2 over IRC routed through Tor as a multi-hop proxy (T1071, T1090.003). SOC and IR teams should validate visibility across both the Windows container workload and the Kubernetes/container administration layer, not only traditional endpoint logs.

Likely telemetry

  • Windows process creation and command-line telemetry, especially cmd.exe, kubectl.exe, and unusual child processes from containerized workloads or from the web server worker that handles public-facing requests
  • Container runtime and Kubernetes API/audit logs showing administrative command execution or unexpected container operations
  • Host and container boundary events relevant to container escape attempts or privileged container behavior
  • Vulnerability and exposure data for public-facing applications and container/Kubernetes components
  • Identity, group, permission, and token-related events relevant to privilege escalation or impersonation on Windows and container platforms

Detection direction

  • Because official ATT&CK detection guidance is not provided, map detections to the related techniques rather than to the malware name alone.
  • Correlate public-facing application activity with later Windows command shell execution, container administration commands, privilege changes, and discovery behavior.
  • Tune for context: administrative Kubernetes and Windows operations can be legitimate, so detections should account for expected automation, service accounts, maintenance windows, and approved container management workflows.
  • Validate that telemetry spans Windows containers, the underlying host, Kubernetes/API control plane activity, and network egress; single-layer monitoring is a likely blind spot.
  • Review egress monitoring for application-layer communications and proxy patterns, but avoid assuming maliciousness without host, container, or identity context.
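The detection direction above, and the technique rows in the relationship table below, can be turned into a concrete cross-layer hunt. The following is an added example and not Glexia's analysis or MITRE's data: it runs a handful of technique-mapped rules over constructed Windows-container events (Sysmon-style process, file and network records) and constructed Kubernetes audit entries, groups the hits per container or identity, and only alerts on a container when several distinct mapped techniques co-occur. The event field names, file paths, IRC/Tor ports and the correlation threshold are this example's assumptions; the behaviours checked (cmd.exe from a web worker, kubectl inside a container, tor.exe and unzip.exe dropped to disk, a kubeconfig read, kubectl permission checks, pod creation or exec from a workload service account) come from the technique rows on this page.

```python
"""Hunt for Siloscape-style behaviour across Windows-container telemetry and
Kubernetes audit logs. Added example; not Glexia's or MITRE's code. All event
records are constructed; field names, paths, ports and the threshold are
assumptions of this example, the behaviours come from the page's technique rows.
"""
import re
from collections import defaultdict

# The page says Siloscape hunts Kubernetes config files with a regex; this
# pattern is our own approximation of what such a search would target.
KUBECONFIG_RE = re.compile(r"(?:^|[\\/])\.kube[\\/]config$|kubeconfig", re.IGNORECASE)
# Files the page says Siloscape writes to disk from embedded resources (T1140).
DROPPED_TOOLS = {"tor.exe", "unzip.exe"}
# IIS worker process: cmd.exe as its child is the web-exploit-to-shell hop.
WEB_WORKERS = {"w3wp.exe"}
# IRC and Tor default ports (assumed indicators; the page names the protocols only).
SUSPECT_PORTS = {6667, 6697, 9001, 9050}
CONTROL_PLANE_NAMESPACES = {"kube-system"}

def _basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def windows_findings(event):
    """Map one Windows-container event to (technique, reason) pairs."""
    hits, kind = [], event["type"]
    image = _basename(event.get("image", ""))
    if kind == "process":
        parent = _basename(event.get("parent", ""))
        cmd = event.get("cmdline", "").lower()
        if image == "cmd.exe" and parent in WEB_WORKERS:
            hits.append(("T1059.003", f"cmd.exe spawned by web worker {parent}"))
        if "kubectl" in image or "kubectl" in cmd:
            hits.append(("T1609", f"kubectl used inside container: {event['cmdline']}"))
        if "auth can-i" in cmd:
            hits.append(("T1069", "checked its own Kubernetes permissions"))
    elif kind == "file_write" and _basename(event["target"]) in DROPPED_TOOLS:
        hits.append(("T1140", f"wrote {event['target']}"))
    elif kind == "file_read" and KUBECONFIG_RE.search(event["target"]):
        hits.append(("T1083", f"read Kubernetes credentials at {event['target']}"))
    elif kind == "network" and event.get("dst_port") in SUSPECT_PORTS:
        hits.append(("T1071", f"outbound connection to port {event['dst_port']}"))
    return hits

def k8s_findings(entry):
    """Flag workload service accounts issuing container-administration calls."""
    user = entry["user"]
    if not user.startswith("system:serviceaccount:"):
        return []  # human admins belong to the approved-workflow allow-list review
    if user.split(":")[2] in CONTROL_PLANE_NAMESPACES:
        return []  # kube-system controllers legitimately create pods
    admin_call = (entry["resource"] == "pods" and entry["verb"] == "create") \
        or entry.get("subresource") == "exec"
    if admin_call:
        what = f"{entry['verb']} {entry['resource']}/{entry.get('subresource', '')}"
        return [("T1609", f"{user} issued {what} in namespace {entry['namespace']}")]
    return []

def hunt(windows_events, k8s_entries, min_techniques=2):
    """Group findings by container or identity. A container is alerted only when
    several distinct mapped techniques co-occur (single hits stay as context);
    a workload identity driving pod administration via the API is alerted outright."""
    per_subject = defaultdict(list)
    for ev in windows_events:
        for tech, why in windows_findings(ev):
            per_subject[ev["container"]].append((tech, why))
    for entry in k8s_entries:
        for tech, why in k8s_findings(entry):
            per_subject[entry["user"]].append((tech, why))
    return {subject: hits for subject, hits in per_subject.items()
            if subject.startswith("system:serviceaccount:")
            or len({t for t, _ in hits}) >= min_techniques}

# Constructed sample telemetry (not real logs).
WINDOWS_EVENTS = [
    # Benign: an operator's docker exec build step in container web-7f9.
    {"type": "process", "container": "web-7f9", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\CExecSvc.exe", "cmdline": "cmd /c msbuild app.sln"},
    # Suspicious chain in container web-3ab, following the page's technique rows.
    {"type": "process", "container": "web-3ab", "image": r"C:\Windows\System32\cmd.exe",
     "parent": r"C:\Windows\System32\inetsrv\w3wp.exe", "cmdline": "cmd /c where kubectl"},
    {"type": "file_write", "container": "web-3ab", "target": r"C:\Windows\Temp\tor.exe"},
    {"type": "file_write", "container": "web-3ab", "target": r"C:\Windows\Temp\unzip.exe"},
    {"type": "file_read", "container": "web-3ab",
     "target": r"C:\Users\ContainerAdministrator\.kube\config"},
    {"type": "network", "container": "web-3ab", "image": r"C:\Windows\Temp\tor.exe", "dst_port": 6667},
    {"type": "process", "container": "web-3ab", "image": r"C:\k\kubectl.exe",
     "parent": r"C:\Windows\System32\cmd.exe", "cmdline": "kubectl auth can-i create pods --all-namespaces"},
]
K8S_AUDIT = [
    {"user": "system:serviceaccount:kube-system:replicaset-controller", "verb": "create",
     "resource": "pods", "subresource": "", "namespace": "prod"},
    {"user": "system:serviceaccount:prod:web", "verb": "create",
     "resource": "pods", "subresource": "exec", "namespace": "prod"},
    {"user": "kubernetes-admin", "verb": "create",
     "resource": "pods", "subresource": "exec", "namespace": "prod"},
]

if __name__ == "__main__":
    for subject, hits in hunt(WINDOWS_EVENTS, K8S_AUDIT).items():
        print(subject)
        for tech, why in hits:
            print(f"  {tech}: {why}")
```

The benign docker exec in web-7f9 and the human admin's kubectl exec produce no alert, which is the tuning point made above: the same commands are routine when issued through approved workflows, so the rules key on the web worker as parent, on the workload identity making the API call, and on several mapped techniques landing in one container rather than on cmd.exe or kubectl alone.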

Mitigation priorities

  • Start with accurate inventory of Kubernetes clusters using Windows containers and identify public-facing services or administration interfaces.
  • Prioritize patching and configuration management for public-facing applications and components where privilege escalation or container escape would be high impact.
  • Restrict and monitor container administration services such as Kubernetes API access according to least privilege.
  • Harden identity and permission models for Windows, container workloads, and Kubernetes roles; reduce unnecessary elevated permissions and service account scope.
  • Segment and control network egress from containerized workloads, with logging sufficient to support incident response.
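The least-privilege items above (restricting Kubernetes API access and shrinking service account scope) can be checked mechanically against the cluster's RBAC objects. The following is an added example and not Glexia's or MITRE's code: it flattens Roles and ClusterRoles into (resource, verb) capabilities, walks the bindings, and reports every workload service account or aggregate group (system:authenticated, system:nodes, and similar) that could create pods, exec into pods, or read secrets, which is what an actor in Siloscape's position would need to spread with kubectl. The sample objects are constructed to mirror the JSON shape of `kubectl get ... -o json`; the capability list and the choice to skip human Users are this example's judgement, not rules from the page.

```python
"""Audit Kubernetes RBAC for workload and node identities holding
container-administration capabilities. Added example; not Glexia's or
MITRE's code. Sample objects are constructed; the capability list is this
example's own choice of what a kubectl-driven spread needs.
"""

ADMIN_CAPABILITIES = {
    ("pods", "create"),       # launch a new workload on any node
    ("pods/exec", "create"),  # run commands inside existing pods
    ("secrets", "get"),       # harvest credentials for further spread
    ("secrets", "list"),
}
# Aggregate groups that should never be bound to the capabilities above.
OVERBROAD_GROUPS = {"system:authenticated", "system:unauthenticated",
                    "system:serviceaccounts", "system:nodes"}
CONTROL_PLANE_NAMESPACES = {"kube-system"}

def rule_capabilities(rules):
    """Flatten a role's rules into (resource, verb) pairs for the core API group."""
    caps = set()
    for rule in rules:
        groups = rule.get("apiGroups", [])
        if "" not in groups and "*" not in groups:
            continue  # pods and secrets live in the core ("") group
        for resource in rule.get("resources", []):
            for verb in rule.get("verbs", []):
                caps.add((resource, verb))
    return caps

def grants(caps, wanted):
    """Wildcard-aware check. In Kubernetes 'pods' does not imply 'pods/exec';
    only '*' does, and the matching below reflects that."""
    resource, verb = wanted
    return any(r in ("*", resource) and v in ("*", verb) for r, v in caps)

def is_workload_subject(subject):
    """Identities an attacker inside a container or on a node could end up holding."""
    if subject["kind"] == "Group":
        return subject["name"] in OVERBROAD_GROUPS
    if subject["kind"] == "ServiceAccount":
        return subject.get("namespace") not in CONTROL_PLANE_NAMESPACES
    return False  # human Users are reviewed under approved-admin workflows

def subject_label(subject):
    if subject["kind"] == "ServiceAccount":
        return f"ServiceAccount {subject['namespace']}/{subject['name']}"
    return f"{subject['kind']} {subject['name']}"

def risky_bindings(roles, bindings):
    """One finding per (subject, binding, capability) that a workload identity holds."""
    index = {}
    for role in roles:
        ns = role["metadata"].get("namespace", "") if role["kind"] == "Role" else ""
        index[(role["kind"], ns, role["metadata"]["name"])] = rule_capabilities(role["rules"])
    findings = []
    for binding in bindings:
        ref, b_ns = binding["roleRef"], binding["metadata"].get("namespace", "")
        ref_ns = "" if ref["kind"] == "ClusterRole" else b_ns
        caps = index.get((ref["kind"], ref_ns, ref["name"]), set())
        scope = "cluster-wide" if binding["kind"] == "ClusterRoleBinding" else f"namespace {b_ns}"
        for subject in binding.get("subjects", []):
            if not is_workload_subject(subject):
                continue
            for capability in sorted(ADMIN_CAPABILITIES):
                if grants(caps, capability):
                    findings.append({"subject": subject_label(subject),
                                     "binding": binding["metadata"]["name"],
                                     "capability": capability, "scope": scope})
    return findings

# Constructed sample RBAC objects (shape of `kubectl get ... -o json`).
ROLES = [
    {"kind": "ClusterRole", "metadata": {"name": "cluster-admin"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "pod-exec"},
     "rules": [{"apiGroups": [""], "resources": ["pods/exec"], "verbs": ["create"]}]},
    {"kind": "Role", "metadata": {"name": "web-config-reader", "namespace": "prod"},
     "rules": [{"apiGroups": [""], "resources": ["configmaps"], "verbs": ["get", "list"]}]},
]
BINDINGS = [
    # Legacy shortcut: the web workload's service account is cluster-admin.
    {"kind": "ClusterRoleBinding", "metadata": {"name": "legacy-ops"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "prod"}]},
    # Every authenticated identity, every pod token included, may exec into pods.
    {"kind": "ClusterRoleBinding", "metadata": {"name": "everyone-exec"},
     "roleRef": {"kind": "ClusterRole", "name": "pod-exec"},
     "subjects": [{"kind": "Group", "name": "system:authenticated"}]},
    # Correctly scoped: read-only configmaps in its own namespace.
    {"kind": "RoleBinding", "metadata": {"name": "web-config", "namespace": "prod"},
     "roleRef": {"kind": "Role", "name": "web-config-reader"},
     "subjects": [{"kind": "ServiceAccount", "name": "web", "namespace": "prod"}]},
    # Human admin: covered by approved admin workflows, not flagged here.
    {"kind": "ClusterRoleBinding", "metadata": {"name": "admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]

if __name__ == "__main__":
    for f in risky_bindings(ROLES, BINDINGS):
        print(f"{f['subject']} via {f['binding']}: {f['capability']} {f['scope']}")
```

Run against a real cluster by loading the JSON from `kubectl get clusterroles,roles -A -o json` into ROLES and from the corresponding bindings into BINDINGS. The two findings that matter here are the prod/web service account bound to cluster-admin and the cluster-wide pods/exec grant to system:authenticated; the namespaced configmap binding is what a correctly scoped workload identity looks like.
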

Analyst notes and limits

The supplied ATT&CK object identifies Siloscape as malware targeting Kubernetes clusters through Windows containers and provides technique relationships that shape defensive priorities. The most useful defensive interpretation is cross-domain: endpoint, container, identity, vulnerability management, and cloud/Kubernetes telemetry must be assessed together.

ATT&CK provides no official detection text, no aliases, and no explicit tactics on the malware object itself. The guidance above is derived from supplied relationships and official fields only; local architecture, logging configuration, exposed services, and normal administrative behavior are required to determine actual risk and detection coverage.

Official MITRE ATT&CK definition

Siloscape

Siloscape is malware that targets Kubernetes clusters through Windows containers. Siloscape was first observed in March 2021.[1]

View the same entry on attack.mitre.org (MITRE-hosted reference; in-page links above use the Glexia ATT&CK library.)

Glexia analysis

How security teams should use this page

Treat this object as behavior context, not an attribution claim. Validate the related groups, software, data sources, and mitigations against official ATT&CK relationships and your own telemetry before making control-coverage decisions.

ATT&CK relationship table

Techniques used

This mirrors the MITRE pattern of making group, software, campaign, and technique relationships scannable. Relationship notes come from mirrored ATT&CK relationship text when available.

14 rows

Domain | ID | Name | Relationship / procedure

Enterprise | T1518 | Software Discovery | Siloscape searches for the kubectl binary. [1]

Enterprise | T1190 | Exploit Public-Facing Application | Siloscape is executed after the attacker gains initial access to a Windows container using a known vulnerability. [1]

Enterprise | T1090.003 | Multi-hop Proxy (sub-technique of T1090 Proxy) | Siloscape uses Tor to communicate with C2. [1]

Enterprise | T1611 | Escape to Host | Siloscape maps the host's C drive to the container by creating a global symbolic link to the host through the calling of NtSetInformationSymbolicLink. [1]

Enterprise | T1071 | Application Layer Protocol | Siloscape connects to an IRC server for C2. [1]

Enterprise | T1140 | Deobfuscate/Decode Files or Information | Siloscape has decrypted the password of the C2 server with a simple byte-by-byte XOR. Siloscape also writes both an archive of Tor and the unzip binary to disk from data embedded within the payload using Visual Studio's Resource Manager. [1]

Enterprise | T1059.003 | Windows Command Shell (sub-technique of T1059 Command and Scripting Interpreter) | Siloscape can run cmd through an IRC channel. [1]

Enterprise | T1068 | Exploitation for Privilege Escalation | Siloscape has leveraged a vulnerability in Windows containers to perform an Escape to Host. [1]

Enterprise | T1083 | File and Directory Discovery | Siloscape searches for the Kubernetes config file and other related files using a regular expression. [1]

Enterprise | T1027 | Obfuscated Files or Information | Siloscape itself is obfuscated and uses obfuscated API calls. [1]

Enterprise | T1609 | Container Administration Command | Siloscape can send kubectl commands to victim clusters through an IRC channel and can run kubectl locally to spread once within a victim cluster. [1]

Enterprise | T1069 | Permission Groups Discovery | Siloscape checks for Kubernetes node permissions. [1]

Enterprise | T1134.001 | Token Impersonation/Theft (sub-technique of T1134 Access Token Manipulation) | Siloscape impersonates the main thread of CExecSvc.exe by calling NtImpersonateThread. [1]

Enterprise | T1106 | Native API | Siloscape makes various native API calls. [1]


Change history

Object version and sync metadata

The fields below describe the current mirrored snapshot. When Glexia retains multiple ATT&CK source imports, you can open the table to compare the same object across releases (hashes and MITRE timestamps). For MITRE's own release notes and roadmap, see the Updates page under ATT&CK resources.

ATT&CK release: 19.1
Object version: 1.0
Created: (not present in the mirrored snapshot)
Modified: (not present in the mirrored snapshot)
Raw hash: 7f9aaaffed2afd4b...

Imported snapshots across ATT&CK releases (1)

Release 19.1, object version 1.0, status: current bundle, raw hash 7f9aaaffed2a… (bundle-import and modified timestamps are not shown in the mirrored snapshot).
Raw source

Mirrored ATT&CK source object

The raw object is retained through the mirrored ATT&CK source bundle and object hash. The raw endpoint returns the exact object from the mirrored bundle when available.

Source references

External references and citations

MITRE external references are preserved separately from Glexia analysis so citations remain traceable to their original source records.

  1. [1] Unit 42 Siloscape Jun 2021: Prizmant, D. (2021, June 7). Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments. Retrieved June 9, 2021.
  2. [2] mitre-attack S0623: the MITRE-hosted ATT&CK software entry for S0623 (Siloscape) on attack.mitre.org.

Source and licensing

Source: MITRE ATT&CK®. © 2026 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. MITRE ATT&CK and ATT&CK are registered trademarks of The MITRE Corporation. Glexia is not affiliated with or endorsed by MITRE.