ShadowV2 Botnet Misuses AWS Docker for DDoS Services
Researchers at Darktrace have described ShadowV2, a cybercrime operation that abuses exposed Docker daemons on Amazon Web Services (AWS) hosts to build a botnet for distributed denial-of-service (DDoS) attacks. The operation runs as a subscription service: a command-and-control framework with an API and a user interface lets paying customers launch DDoS attacks against targets of their choosing without touching the compromised hosts themselves.

The initial access technique is not an exploit against Docker itself but a misconfiguration: a Docker Engine API reachable over the network without TLS client authentication accepts commands from anyone who can connect. The attackers use the Python Docker SDK to talk to such daemons and build their malicious container directly on the victim's host rather than pulling a pre-built image from a registry, which leaves fewer artifacts (no pulled image, no registry request) for defenders to find.

ShadowV2 is one more example of cybercrime being industrialized, with attack capacity packaged and sold as a commodity service. For cloud operators the practical lesson is narrower: the Docker daemon should never listen on a network interface reachable from the internet, TCP listeners that are required should use tlsverify with client certificates, and security groups should restrict the daemon port to known management hosts. Inventorying Docker daemons for unauthenticated TCP listeners is a cheap check that closes the door this campaign walked through.
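The misconfiguration described above is usually visible in the daemon's own configuration file. The following is an added example, not code from the Darktrace report or from the ShadowV2 operators: a small audit script that reads a Docker daemon.json, flags TCP listeners that lack TLS client verification or bind to every interface, and shows a hardened equivalent beside the weak one. The two configuration strings are constructed samples; the file path, the certificate paths and the choice of port 2376 for the TLS listener are assumptions (2376 is the conventional TLS port, 2375 the conventional plaintext port, but either can be changed).

```python
"""Audit a Docker daemon.json for the exposure ShadowV2 abused: an Engine API
listening on TCP without TLS client authentication.  Added example; the
configuration samples below are constructed, not taken from a real host."""
import json
from urllib.parse import urlsplit

# Constructed sample: the weak configuration an attacker with the Python
# Docker SDK can drive from anywhere that can reach port 2375.
WEAK_CONFIG = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Constructed sample: TCP listener kept, but bound to a management address
# and requiring a client certificate signed by the configured CA.
HARDENED_CONFIG = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""

ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_daemon_config(config_text):
    """Return a list of human-readable findings for a daemon.json document.

    An empty list means no network exposure problem was found.  Only the
    listener-related keys are examined; other settings are ignored.
    """
    cfg = json.loads(config_text)
    findings = []
    tlsverify = bool(cfg.get("tlsverify"))
    have_certs = all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))

    for listener in cfg.get("hosts", []):
        url = urlsplit(listener)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// listeners are local-only
        if not tlsverify:
            findings.append(
                f"{listener}: TCP listener without tlsverify; "
                "the Engine API accepts unauthenticated commands"
            )
        elif not have_certs:
            findings.append(
                f"{listener}: tlsverify set but tlscacert/tlscert/tlskey missing"
            )
        if (url.hostname or "") in ALL_INTERFACES:
            findings.append(
                f"{listener}: bound to all interfaces; restrict to a "
                "management address and a security group"
            )
    return findings


def audit_file(path="/etc/docker/daemon.json"):
    """Audit a daemon.json on disk (path is the Linux default, an assumption)."""
    with open(path, encoding="utf-8") as fh:
        return audit_daemon_config(fh.read())


if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{label}]")
        for finding in audit_daemon_config(text) or ["no findings"]:
            print("  ", finding)
```

Running the script prints two findings for the weak sample (no tlsverify, bound to all interfaces) and none for the hardened one. On a real host, call `audit_file()` against the daemon's configuration; note that a daemon started with `-H tcp://...` on the command line or via a systemd drop-in will not show up in daemon.json, so pair this check with a security-group review of whichever port the daemon actually listens on.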