Company:
Date Published:
Author: Falcon
Word count: 2136
Language: English
Hacker News points: None

Summary

In 2022, compromised Docker Engine honeypots were used in a pro-Ukrainian denial-of-service (DoS) attack targeting websites in Russia, Belarus, and Lithuania across various sectors, including government and military. The attack involved two Docker images, "abagayev/stop-russia" and "erikmnkl/stoppropaganda." Both were downloaded extensively, but the number of downloads originating from compromised sources is unknown. These images used Go-based tools to execute the attacks, and their target lists reportedly overlapped with those shared by the Ukraine IT Army (UIA), which had previously called for DDoS attacks against Russian targets. CrowdStrike's Falcon platform provided protection against these threats through its cloud-based machine learning models, detecting and terminating malicious processes. The assessment, based on high-quality intelligence, suggests these actions were automated and very likely supported pro-Ukrainian efforts, highlighting potential retaliatory risks for organizations inadvertently involved.