Aliases
Adept Libra (PA)
Tags
Cryptojacking
Attribution
💰Cybercrime
References
https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments/https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.htmlhttps://blog.aquasec.com/container-security-tnt-container-attackhttps://www.trendmicro.com/en_us/research/21/l/more-tools-in-the-arsenal-how-teamtnt-used-compromised-docker-hu.htmlhttps://cloudsek.com/threatintelligence/timeline-ttps-of-teamtnt-cybercrime-group/https://www.cyjax.com/cyjax-research-sees-teamtnt-added-to-mitre-attck-framework/
Last edited
Mar 11, 2024 5:37 PM
Status
Featured
Cloud-fluent
TeamTNT is a financially-motivated and highly cloud-fluent threat actor known for exploiting misconfigurations in container management software and Kubernetes clusters to hijack containerized environments and run cryptomining operations. TeamTNT have also been observed enumerating cloud environments and compromising their victim's credentials for various cloud services.