Aqua Blog

Asaf Eitani
Asaf is a Security Researcher at Aqua Nautilus research team. He focuses on researching Linux malware, developing forensics tools, and analyzing new attack vectors in cloud native environments. In his spare time, he likes painting, playing beach volleyball, and carving wood sculptures.
HeadCrab 2.0: Evolving Threat in Redis Malware Landscape

At the beginning of 2023, Aqua Nautilus researchers uncovered HeadCrab - an advanced threat actor utilizing a state-of-the-art, custom-made malware that compromised 1,200 Redis servers. As you know, in the ever-evolving world of cybersecurity, threat actors continually adapt and refine their techniques. Recently, our …

HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign

This blog was co-authored by Nitzan Yaakov

Aqua Nautilus researchers discovered a new, elusive and severe threat that has been infiltrating and residing on servers worldwide since early September 2021. Known as HeadCrab, this advanced threat actor utilizes a state-of-the-art, custom-made malware that is undetectable by …

Detecting Drovorub's File Operations Hooking with Tracee

This blog was co-authored by Itamar Maouda

Two years ago, the NSA (the United States' National Security Agency) revealed that Drovorub, an advanced Russian malware created by the GRU 85th GTsSS team, had been discovered targeting Linux systems. Drovorub works by introducing advanced techniques which can manipulate the …

Detecting and Capturing Kernel Modules with Tracee and eBPF

Security practitioners often need to investigate malicious artifacts in their environments, which can be challenging if those are deleted or loaded from memory. This is increasingly the case as threat actors are weaponizing Linux kernel modules to perform and hide their attacks. In this blog, we look into kernel …

Threat Alert: Threat Actors Using release_agent Container Escape

Earlier this year, Aqua’s Team Nautilus detected a cryptocurrency mining campaign targeting our honeypots. As part of the campaign, the threat actors used a container escape technique that leverages the CGroup release_agent feature. This technique allows an attacker to break out from the container and compromise the …
