Commando is a threat actor identified as being behind the "Commando Cat" attack campaign, which poses significant cybersecurity risks through the abuse of exposed Docker remote API servers. The Commando Cat attack sequence involves deploying benign containers generated using the publicly available Commando project, an open-source GitHub project that creates Docker images on demand for developers. This cryptojacking campaign uses Docker as an initial access vector and abuses the service to mount the host's filesystem before running a series of interdependent payloads directly on the host. The origin and identity of the threat actor behind Commando Cat are uncertain, but there are overlaps in scripts and IP addresses with other groups such as Team TNT, suggesting potential connections or copycat actions.
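A defender-side check for the two conditions this campaign depends on (a Docker API reachable over TCP without TLS client verification, and a container that bind-mounts the host filesystem) is sketched below. It is an added example, not code from the campaign analysis or from the Commando project; the sample `docker inspect` output, container names, image name, mount destination and `daemon.json` content are constructed, and the list of sensitive paths is an assumption to adapt.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two containers.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/web", "Config": {"Image": "nginx:1.25"},
  "Mounts": [{"Type": "bind", "Source": "/srv/www",
              "Destination": "/usr/share/nginx/html", "RW": false}]},
 {"Name": "/tmp-job", "Config": {"Image": "example/ondemand:latest"},
  "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/hs", "RW": true}]}
]""")

# Constructed sample: /etc/docker/daemon.json with a plaintext TCP listener.
SAMPLE_DAEMON = {"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}

# Assumption: host paths whose bind mount gives a container control of the host.
SENSITIVE_SOURCES = ("/", "/etc", "/root", "/var/run/docker.sock")


def host_mount_findings(containers):
    """Return (name, source, destination, writable) for risky bind mounts."""
    findings = []
    for c in containers:
        for m in c.get("Mounts", []):
            if m.get("Type") != "bind":
                continue
            # Normalise "/etc/" to "/etc" while keeping "/" as "/".
            src = m.get("Source", "").rstrip("/") or "/"
            if src in SENSITIVE_SOURCES:
                findings.append((c["Name"].lstrip("/"), src,
                                 m.get("Destination"), bool(m.get("RW"))))
    return findings


def exposed_api_findings(daemon_cfg):
    """Return TCP listeners configured without TLS client verification."""
    tls_on = bool(daemon_cfg.get("tlsverify"))
    return [h for h in daemon_cfg.get("hosts", [])
            if h.startswith("tcp://") and not tls_on]


if __name__ == "__main__":
    for name, src, dst, rw in host_mount_findings(SAMPLE_INSPECT):
        mode = "rw" if rw else "ro"
        print(f"container {name}: host path {src} mounted at {dst} ({mode})")
    for listener in exposed_api_findings(SAMPLE_DAEMON):
        print(f"daemon listener without tlsverify: {listener}")
```

On a real host, feed it the parsed output of `docker inspect $(docker ps -aq)` and the daemon's `daemon.json`; listeners passed to `dockerd` on the command line are not covered by this check.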
The Commando threat actor has been involved in numerous malicious activities, with evidence linking it to Latin-American crime syndicates such as Commando Vermelho, Primeiro Comando da Capital (PCC), and Cartel Jalisco New Generation (CJNG) in financial fraud. Furthermore, a 2020 Congressional Research Service report indicates that the GRU, Russia’s military intelligence agency, operates both as an intelligence agency and as a military organization responsible for battlefield reconnaissance and the operation of Russia’s Spetsnaz military commando units. These associations suggest that Commando's activities could have broad geopolitical implications.
In unrelated news, John Carpenter is working on a horror action game called Toxic Commando, developed in collaboration with Saber Interactive and Focus Entertainment. The game was revealed at the Summer Game Fest and will be released for PC, PS5, and Xbox Series X in 2024. The game, where players cooperatively fight hordes of zombies with guns and a wide variety of vehicles, shares a name with the threat actor but has no known connection to the cybersecurity issues described above.
Description last updated: 2024-06-06T09:16:54.587Z