TeamTNT launches new attacks on cloud services for cryptomining

28 October 2024. Author: Newsman

TeamTNT has launched a new large-scale campaign targeting cloud services for cryptocurrency mining. Using compromised servers, attackers not only mine cryptocurrency, but also lease resources to third parties.

TeamTNT targets exposed Docker services and uses Docker Hub accounts to distribute malware, including Sliver and cryptominers, so that it reaches more servers. An investigation by Aqua Security found that the group uses Docker infrastructure to propagate automatically, including delivering malware with the help of mass port-scanning tools. Datadog reported that TeamTNT is also joining the compromised Docker services to a Docker Swarm, which expands the group's illegal infrastructure. Instead of Tsunami, the group uses the new Sliver framework to gain remote control over infected machines.

TeamTNT is well known for its ability to adapt quickly to new illegal mining techniques. The group first drew attention when it attacked cloud infrastructure to steal computing resources. Its activity included scanning for exposed Docker APIs and deploying malicious containers to mask its operations and optimize resource use.
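A defender can check a host for the two conditions described above: a Docker API listener reachable without client-certificate verification, and Swarm membership nobody configured. The sketch below is an added example, not code from Aqua Security, Datadog or the article. It assumes the daemon configuration comes from `daemon.json` and the state from `docker info --format '{{json .}}'`, and all sample values are constructed.

```python
import json

def audit_docker_host(daemon_cfg, docker_info, expect_swarm=False):
    """Return findings for an exposed API listener or unexpected Swarm membership."""
    findings = []
    tls_verified = bool(daemon_cfg.get("tlsverify"))
    # Listeners can also be set with dockerd -H flags; this only reads daemon.json.
    for host in daemon_cfg.get("hosts", []):
        if not host.startswith("tcp://") or tls_verified:
            continue
        addr = host[len("tcp://"):]
        if not addr.startswith(("127.", "localhost", "[::1]")):
            findings.append(f"API listener {host} accepts connections "
                            "without client-certificate verification")
    swarm = docker_info.get("Swarm") or {}
    state = swarm.get("LocalNodeState", "inactive")
    if state != "inactive" and not expect_swarm:
        managers = [m.get("Addr", "?") for m in swarm.get("RemoteManagers") or []]
        findings.append(f"host is in a Swarm (state={state}) but none is "
                        f"expected; remote managers: {managers}")
    return findings

# Constructed sample: plaintext API on all interfaces, host enrolled in a Swarm.
EXPOSED_CFG = json.loads(
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}')
ENROLLED_INFO = json.loads(
    '{"Swarm": {"LocalNodeState": "active", "NodeID": "constructed-node-id",'
    ' "RemoteManagers": [{"NodeID": "constructed-mgr", "Addr": "203.0.113.10:2377"}]}}')

# Constructed sample: TLS-verified listener, no Swarm membership.
HARDENED_CFG = json.loads(
    '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],'
    ' "tlsverify": true, "tlscacert": "/etc/docker/ca.pem"}')
CLEAN_INFO = json.loads('{"Swarm": {"LocalNodeState": "inactive"}}')

if __name__ == "__main__":
    for name, cfg, info in (("exposed", EXPOSED_CFG, ENROLLED_INFO),
                            ("hardened", HARDENED_CFG, CLEAN_INFO)):
        results = audit_docker_host(cfg, info)
        print(name, "->", results or "no findings")
```

Set `expect_swarm=True` on hosts that are legitimately part of a cluster, and compare the reported manager addresses against the managers you operate.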
