Publicly accessible GCP compute instance connected to known attack domain



A publicly accessible GCP compute instance connected to a widely known security testing domain. Security testing tools use these domains to validate whether an attack has been successful.

A DNS lookup for a known security testing domain might indicate a successful application compromise or the active use of attacker tooling. This may have resulted from a vulnerable application or misconfigured public resources.
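The correlation this rule describes, as an added example that is not the product's own detection logic: DNS query names are matched against a testing-domain list on whole labels and kept only when the querying instance is publicly accessible. The domain suffixes, instance inventory, log lines and field names are constructed assumptions.

```python
import json

# Constructed placeholder suffixes; a real deployment would load its
# security testing domains from its own threat-intelligence list.
TESTING_DOMAINS = {"oast-callback.example", "collab-test.example"}

# Constructed inventory (assumption): instance name -> has an external IP.
PUBLIC_INSTANCES = {"web-frontend-1": True, "batch-worker-7": False}

# Constructed DNS query log lines; the field names are assumptions.
SAMPLE_LOGS = [
    '{"vmInstanceName": "web-frontend-1", "queryName": "a1b2c3.OAST-callback.example."}',
    '{"vmInstanceName": "web-frontend-1", "queryName": "notoast-callback.example."}',
    '{"vmInstanceName": "batch-worker-7", "queryName": "x.collab-test.example."}',
    '{"vmInstanceName": "web-frontend-1", "queryName": "storage.googleapis.com."}',
    'not json',
]


def matches_testing_domain(query_name, domains=TESTING_DOMAINS):
    """Return the matched suffix, comparing whole DNS labels only."""
    # Normalize: DNS names are case-insensitive and may end with a root dot.
    labels = str(query_name).rstrip(".").lower().split(".")
    # Test every label-aligned suffix so "notoast-callback.example"
    # does not match "oast-callback.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate
    return None


def find_signals(lines, public=PUBLIC_INSTANCES):
    """Return (instance, matched_domain) for public instances only."""
    signals = []
    for line in lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed log lines instead of failing the run
        if not isinstance(entry, dict):
            continue
        instance = entry.get("vmInstanceName")
        matched = matches_testing_domain(entry.get("queryName", ""))
        if matched and public.get(instance, False):
            signals.append((instance, matched))
    return signals
```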


  1. Contain the incident by isolating or terminating the host or container. Consider snapshotting to enable further analysis if required.
  2. Determine the root cause for host compromise. Review critical and high vulnerabilities identified for the host or container that may indicate how the attackers were able to run code remotely on the workload.
  3. Update the relevant infrastructure deployment mechanism (Terraform, Helm, etc.) or apply a software patch to prevent repeated compromise.