TeamTNT targeting AWS, Alibaba

Written by Darin Smith SummaryTeamTNT modified their scripts after they were made public by security researchersTeamTNT scripts primarily target AWS, but can also run in on-premise, container, or other forms of Linux instancesTeamTNT Payloads include credential stealers, cryptocurrency mining,… [[ This is only the beginning! Please visit the blog for the complete entry ]]

Continue Reading

TeamTNT group targets poorly configured Docker servers exposing REST APIs

TeamTNT hackers are targeting poorly configured Docker servers as part of an ongoing campaign that started in October. Trend Micro researchers reported that TeamTNT hackers are targeting poorly configured Docker servers exposing Docker REST APIs as part of an ongoing campaign that started in October. Threat actors execute malicious scripts to deploy Monero cryptocurrency miners, […]

Continue Reading

TeamTNT Deploys Malicious Docker Image On Docker Hub

The Uptycs Threat Research Team spotted a campaign in which the TeamTNT threat actors deployed a malicious container image on Docker hub. The Uptycs Threat Research Team recently identified a campaign in which the TeamTNT threat actors deployed a malicious container image (hosted on Docker Hub) with an embedded script to download Zgrab scanner and masscanner—penetration testing tools […]

Continue Reading

TeamTNT cybercrime gang expands its arsenal to target thousands of orgs worldwide

The financially motivated TeamTNT hacking group expanded its arsenal with new tools used to target thousands of victims worldwide. Researchers from AT&T Alien Labs uncovered a new campaign, tracked as Chimaera, conducted by the TeamTNT group, aimed at organizations worldwide. Evidence collected by the experts suggests that the campaign began on July 25, 2021, threat actors […]

Continue Reading

Nearly 50,000 IPs compromised in Kubernetes clusters by TeamTNT

Researchers discovered about 50,000 IPs across multiple Kubernetes clusters that were compromised by the TeamTNT.threat actors. Researchers from Trend Micro reported that about 50,000 IPs were compromised across multiple Kubernetes clusters in a cryptojacking campaign conducted by TeamTNT group. Kubernetes is an open-source container-orchestration system for automating computer application deployment, scaling, and management. It aims to […]

Continue Reading

TeamTNT: New Credential Harvester Targets Cloud Services and other Software

  Secrets must be kept confidential in order for networks to be protected and supply-chain attacks to be avoided. Malicious actors frequently target secrets in storage mechanisms and harvest credentials from systems that have been compromised. DevOps software often stores credentials in plain text that is accessible even without user intervention, posing a significant security […]

Continue Reading