Aliases
Adept Libra (PA)
Tags
Cryptojacking
Attribution
💰Cybercrime
Incidents
TeamTNT campaigns
SilentBob cryptomining campaign
TeamTNT’s Docker Gatling Gun Campaign
References
https://unit42.paloaltonetworks.com/teamtnt-operations-cloud-environments/
https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/
https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
https://blog.talosintelligence.com/2022/04/teamtnt-targeting-aws-alibaba.html
https://blog.aquasec.com/container-security-tnt-container-attack
https://www.trendmicro.com/en_us/research/21/l/more-tools-in-the-arsenal-how-teamtnt-used-compromised-docker-hu.html
https://cloudsek.com/threatintelligence/timeline-ttps-of-teamtnt-cybercrime-group/
https://www.cyjax.com/cyjax-research-sees-teamtnt-added-to-mitre-attck-framework/
Last edited
Oct 27, 2024 8:51 AM
Status
Featured
Cloud-fluent
TeamTNT is a financially motivated and highly cloud-fluent threat actor known for exploiting misconfigurations in container management software and Kubernetes clusters to hijack containerized environments and run cryptomining operations. TeamTNT has also been observed enumerating cloud environments and compromising its victims' credentials for various cloud services.