Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
P2PInfect Botnet Threatens Kubernetes via Exposed Redis

P2PInfect Botnet Threatens Kubernetes via Exposed Redis

Posted on May 21, 2026 By CWS

The P2PInfect botnet, a sophisticated piece of malware written in Rust, has been actively targeting cloud infrastructures since mid-2023. This botnet is now focusing on Kubernetes clusters by exploiting publicly accessible Redis instances. This shift represents a significant evolution in its tactics, moving from basic server infections to establishing a lasting presence within managed cloud platforms.

Exploiting Redis for Botnet Expansion

P2PInfect has gained notoriety for its focus on Redis, a widely used in-memory data store in cloud environments and web applications. By exploiting misconfigured Redis setups, the botnet leverages the database’s replication feature to integrate compromised nodes into its peer-to-peer mesh network. Once infiltrated, these hosts communicate with other infected peers, steadily expanding the botnet while awaiting further directives.

A key vulnerability exploited by P2PInfect is CVE-2022-0543, a Lua sandbox escape vulnerability with a critical CVSS score of 10.0. This flaw allows attackers to execute code on susceptible Redis instances, amplifying the botnet’s reach and effectiveness.

Infection Chain and Network Penetration

According to Fortinet’s FortiGuard Labs, recent analyses of P2PInfect compromises in Google Kubernetes Engine (GKE) clusters reveal a complex infection process. It starts with an exposed Redis service and culminates in a dormant yet fully integrated bot. This underscores how a single misconfiguration can enable a persistent threat within cloud ecosystems.

The impact of such an infection is profound, as Kubernetes clusters often support essential business operations and store sensitive data. Compromised nodes pose a growing risk, particularly for organizations using GKE or similar platforms without stringent network controls.

Stealthy and Persistent Threats

P2PInfect’s infection begins when a Redis instance within a Kubernetes cluster is accessible without adequate access restrictions. Attackers employ the SLAVEOF command, converting a legitimate Redis node into a subordinate of a malicious server. This maneuver allows the installation of arbitrary modules from the attacker’s infrastructure, providing a pathway for code execution within the container.

Between November 2025 and February 2026, FortiGuard Labs observed that compromised Redis hosts established outbound connections to multiple external nodes in a peer-to-peer network. This decentralized design complicates disruption efforts, as there is no single command server to target or disable.

Mitigation Strategies and Future Outlook

The dormant phase of P2PInfect within Kubernetes environments renders it particularly challenging to detect. Traditional security measures often identify noisy activities, but a quietly enrolled bot with minimal outbound communication can evade detection for extended periods.

FortiGuard Labs advises against exposing Redis instances directly to the internet and recommends enforcing strict network policies within Kubernetes clusters to limit internal communication. Regular audits for unauthorized connections and the deployment of runtime security tools to detect abnormal container behaviors are crucial.

Keeping Redis installations fully updated and restricting the replication feature in production environments can significantly reduce the attack surface utilized by P2PInfect. This proactive approach is essential for safeguarding cloud infrastructures against evolving threats.

Cyber Security News Tags:Botnet, cloud infrastructure, cloud security, container security, CVE-2022-0543, Cybersecurity, FortiGuard Labs, GKE, Kubernetes, Malware, network policies, P2PInfect, peer-to-peer network, Redis, Vulnerabilities

Post navigation

Previous Post: Apple Blocks 2 Million App Store Apps for Security in 2025
Next Post: New Linux Malware Showboat Targets Middle East Telecom

Related Posts

Critical Gogs Vulnerability Allows Remote Code Execution Critical Gogs Vulnerability Allows Remote Code Execution Cyber Security News
Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More Cyber Security News
Microsoft’s Critical Windows 11 Updates Enhance Security Microsoft’s Critical Windows 11 Updates Enhance Security Cyber Security News
Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data Hundreds of Free VPN Apps for Both Android and iOS Leaks Users Personal Data Cyber Security News
Apache CXF Vulnerability Risks Certificate Security Apache CXF Vulnerability Risks Certificate Security Cyber Security News
Threat Actors Weaponizing RMM Tools to Take Control of The Machine and Steal Data Threat Actors Weaponizing RMM Tools to Take Control of The Machine and Steal Data Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • AI Security Model Redeployment and Major Vulnerabilities
  • Flipper Zero Enhances Firmware Development Strategy
  • T3MP3ST Framework Transforms AI Into Security Pioneers
  • Microsoft Enhances Windows 11 OOBE with New Update
  • Government Pays $1M to Prevent Data Leak by Kairos Group

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark