TeamTNT Upgrades Arsenal, Refines Focus on Kubernetes and GPU Environments

In previous entries, we described how the hacking group TeamTNT targeted unsecured Redis instances, exposed Docker APIs, and vulnerable Kubernetes clusters in order to deploy cryptocurrency-mining payloads and credential stealers. TeamTNT was one of the first cybercriminal groups to focus Read More …

TeamTNT Campaigns Emphasize Importance of Addressing Cloud Security Gaps

Having covered TeamTNT in several of our blog entries over the past couple of years, we embarked on a research that encompasses the malicious actor group’s campaigns, tools, and techniques in 2020 and early 2021. Although believed to have been Read More …

TeamTNT Actively Enumerating Cloud Environments to Infiltrate Organizations

TeamTNT has been evolving their cloud-focused cryptojacking operations for some time now. TeamTNT operations have targeted and, after compromise, exfiltrated AWS credentials, targeted Kubernetes clusters and created new malware called Black-T that integrates open source cloud native tools to assist Read More …

TeamTNT Targets Kubernetes, Nearly 50,000 IPs Compromised in Worm-like Attack

Kubernetes is the most widely adopted container orchestration platform for automating the deployment, scaling, and management of containerized applications. Unfortunately, like any widely used application, it makes for an attractive target for threat actors as they are often misconfigured, especially Read More …