Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest.

The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web Services (AWS) cloud servers to deploy a Go-based malware that turns infected systems into attack nodes and co-opt them into a larger DDoS botnet. The cybersecurity company said it detected the malware targeting its honeypots on June 24, 2025.

"At the center of this campaign is a Python-based command-and-control (C2) framework hosted on GitHub Codespaces," security researcher Nathaniel Bill said in a report shared with The Hacker News.

"What sets this campaign apart is the sophistication of its

See Full Page