Team TNT Malware Campaign
admin 9 months ago

SilentBob: Team TNT Malware Campaign Targeting Misconfigured Servers

The legendary TeamTNT is back in the game after 2 years! In this article you will learn how they use cloud worm malware to steal your data and money without even being detected. Protect your data and finances now!

Security experts at Aqua Security have warned that the TeamTNT gang may be preparing a large new campaign against cloud environments, called "SilentBob". The suspicion arose after analysts observed attackers targeting misconfigured servers.


Aqua Security opened an investigation after noticing an attack on one of its lures. It subsequently identified 4 malicious container images. However, because several elements of the code are unused and some manual testing appears to be under way, the researchers argued that the campaign has not yet fully begun.


According to the experts, the infrastructure is in the early phases of testing and deployment, and generally corresponds to an aggressive cloud worm designed to run against JupyterLab and Docker public APIs in order to deploy Tsunami malware, collect passwords, seize resources, and spread the worm further.


TeamTNT is a cybercriminal group well known for dangerous and destructive attacks on cloud systems, primarily Docker and Kubernetes environments. The group specializes in cryptomining.


Although TeamTNT ceased operations at the end of 2021, Aqua Security attributed the current campaign to TeamTNT based on the use of the Tsunami virus, the dAPIpwn functionality, and a C2 server that responds in German.


The observed activity begins when an attacker finds a misconfigured Docker API or JupyterLab server and either deploys a container or uses the command-line interface (CLI) to scan for other victims.


This method is designed to spread the malware to more servers. The secondary payload includes a cryptominer and a backdoor, with the backdoor using the Tsunami virus as its attack tool. Aqua Security has produced a set of tips to help enterprises mitigate the danger.
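
On the defensive side, the misconfigured Docker API described above is something you can check for on your own hosts. The following is an added example, not code from Aqua Security or from this article: it audits the contents of a Docker `daemon.json` for a TCP listener that does not require client certificates. The two sample configurations and their file paths are constructed for illustration.

```python
import json
from urllib.parse import urlparse

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

def audit_docker_daemon(config_text):
    """Return (severity, host, message) findings for a daemon.json document.

    Only daemon.json is inspected; listeners passed to dockerd with -H on
    the command line are outside the scope of this check.
    """
    cfg = json.loads(config_text)
    findings = []
    # tlsverify plus a CA file means the daemon demands a client certificate.
    tls_verified = bool(cfg.get("tlsverify")) and bool(cfg.get("tlscacert"))
    for host in cfg.get("hosts", []):
        url = urlparse(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are not network listeners
        addr = url.hostname or "0.0.0.0"  # "tcp://:2375" binds every interface
        exposed = addr not in LOOPBACK
        if not tls_verified:
            severity = "critical" if exposed else "warning"
            findings.append((severity, host,
                             "TCP API without client-certificate verification"))
        elif exposed:
            findings.append(("info", host,
                             "TCP API reachable off-host; restrict by firewall"))
    return findings

# Constructed sample: API bound to all interfaces with no TLS settings.
SAMPLE_WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'

# Constructed sample: loopback-only listener that requires client certificates.
SAMPLE_HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://127.0.0.1:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit_docker_daemon(text) or "no findings")
```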

