This article has been indexed from E Hacking News – Latest Hacker News and IT Security News
A cybercriminal gang known as TeamTNT has been ramping up its cloud-focused cryptojacking operations for some time now. TeamTNT operations have targeted Kubernetes clusters due to their wide usage and are an attractive target for threat actors running primarily in cloud environments with access to nearly infinite resources.
Attackers have also designed new malware called Black-T that unites open-source cloud-native tools to assist in their cryptojacking operations. Once getting a foothold into a Kubernetes cluster, the malware attempted to spread over as many containers as possible, leading to malicious activity.
Palo Alto’s Unit 42 researchers have discovered and confirmed close to 50,000 IPs compromised by this malicious campaign perpetrated by TeamTNT across multiple clusters. Several IPs were repeatedly exploited during the timeframe of the episode, occurring between March and May. Most of the compromised nodes were from China and the US — identified in the ISP (Internet Service Provider) list, which had Chinese and US-based providers as the highest hits, including some CSPs (Cloud Service Providers)
TeamTNT has gathered 6.52012192 Monero coins via a cryptojacking campaign, which is equal to USD 1,788. The mining operation was found to be operating at an average speed of 77.7KH/s across eight mining workers. Op
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: TeamTNT Targeting Organizations Via Cryptojacking Malware