#1
The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third parties.

"The group is currently targeting exposed Docker daemons to deploy Sliver malware, a cyber worm, and cryptominers, using compromised servers and Docker Hub as the infrastructure to spread their malware," Assaf Morag, director of threat intelligence at cloud security firm Aqua, said in a report published Friday.

The attack activity is once again a testament to the threat actor's persistence and its ability to evolve its tactics and mount multi-stage assaults with the goal of compromising Docker environments and enlisting them into a Docker Swarm.

Besides using Docker Hub to host and distribute their malicious payloads, TeamTNT has been observed offering the victims' computational power to other parties for illicit cryptocurrency mining, diversifying its monetization strategy.

Rumblings of the attack campaign emerged earlier this month when Datadog disclosed malicious attempts to corral infected Docker instances into a Docker Swarm, suggesting that it could be the work of TeamTNT, while also stopping short of making a formal attribution. But the full extent of the operation hasn't been clear, until now.

Morag told The Hacker News that Datadog "found the infrastructure in a very early stage" and that their discovery "forced the threat actor to change the campaign a bit."

Source: Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining