TeamTNT, a well-known cryptojacking group, has begun a new series of attacks on cloud environments aimed at cryptocurrency mining.



TeamTNT, a cryptojacking group, appears to be preparing a large-scale campaign against cloud-native environments, both to mine cryptocurrency and to rent out the servers it breaches to third parties. The group targets exposed Docker daemons: it identifies Docker API endpoints reachable over the network, deploys malicious containers through them, and uses the Sliver command-and-control framework to keep remote access to the compromised hosts. Separately, the Prometei crypto-mining botnet is exploiting RDP and SMB vulnerabilities to mine cryptocurrency on victims' machines without their knowledge. Together the two campaigns show how threat actors keep adapting their tactics to monetise cloud and server infrastructure.
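The two conditions the summary names, a Docker daemon whose API is reachable without authentication and a container deployed through it that can take over the host, are both checkable offline. The following is an added example written for this page, not code from the article or from the tooling it describes: it audits a parsed `daemon.json` for unencrypted `tcp://` listeners, audits `docker inspect` output for privileged mode, host namespaces, host-root or Docker-socket bind mounts and miner-style command lines, and includes a live `GET /version` probe for the unencrypted default port. The sample configuration and container record are constructed, the `pool.example` address is a placeholder, and the mount-source and miner-marker lists are assumed heuristics rather than anything from the article.

```python
# Added example (mine, not code from the article or from TeamTNT's tooling):
# offline checks for an exposed Docker daemon API and for a container whose
# settings let it take over the host. Sample inputs are constructed.
import http.client
import json
from urllib.parse import urlsplit

# Mount sources that hand a container the host filesystem or the Docker socket.
# Assumption: common forms only; extend for your own conventions.
HOST_ROOT_SOURCES = ("/", "/host", "/rootfs", "/mnt/host")
DOCKER_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock")
# Command-line fragments typical of XMRig-style miners (assumed heuristic list).
MINER_MARKERS = ("xmrig", "stratum+tcp://", "stratum+ssl://", "--donate-level")


def audit_daemon_config(config: dict) -> list:
    """Flag risky listeners in a parsed /etc/docker/daemon.json.

    The daemon serves its API only on unix:///var/run/docker.sock unless
    "hosts" adds a tcp:// listener. A tcp listener without "tlsverify"
    is unauthenticated control of the host, the exposure the article
    says TeamTNT looks for.
    """
    findings = []
    tls = bool(config.get("tlsverify", False))
    for host in config.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// are local-only
        if not tls:
            findings.append(f"{host}: tcp listener without tlsverify")
        elif parts.hostname in (None, "0.0.0.0", "::"):
            findings.append(f"{host}: TLS enabled but bound to all interfaces")
    return findings


def audit_container(inspect: dict) -> list:
    """Flag host-takeover settings in the JSON from `docker inspect <id>`."""
    findings = []
    hc = inspect.get("HostConfig", {})
    if hc.get("Privileged"):
        findings.append("privileged container")
    if hc.get("PidMode") == "host":
        findings.append("shares host PID namespace")
    if hc.get("NetworkMode") == "host":
        findings.append("shares host network namespace")
    for bind in hc.get("Binds", []):
        src = bind.split(":", 1)[0]
        if src in HOST_ROOT_SOURCES:
            findings.append(f"host filesystem bind-mounted: {bind}")
        elif src in DOCKER_SOCKETS:
            findings.append(f"docker socket bind-mounted: {bind}")
    cfg = inspect.get("Config", {})
    cmdline = " ".join((cfg.get("Entrypoint") or []) + (cfg.get("Cmd") or []))
    if any(marker in cmdline for marker in MINER_MARKERS):
        findings.append(f"miner-like command line: {cmdline}")
    return findings


def docker_api_exposed(host: str, port: int = 2375, timeout: float = 3.0) -> bool:
    """Live check: does GET /version on host:port answer like a Docker daemon?

    Plain HTTP on the default unencrypted port; run only against hosts you
    are authorised to test. Not exercised by the samples below.
    """
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/version")
        resp = conn.getresponse()
        body = json.loads(resp.read().decode("utf-8", "replace"))
        return resp.status == 200 and isinstance(body, dict) and "ApiVersion" in body
    except (OSError, ValueError):
        return False


# Constructed samples: an exposed daemon config and a container of the kind
# the article describes (privileged, host root mounted, running a miner).
SAMPLE_DAEMON_CONFIG = {
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
}
SAMPLE_CONTAINER = {
    "Id": "0123456789ab",
    "Config": {"Entrypoint": None,
               "Cmd": ["/bin/sh", "-c", "xmrig -o stratum+tcp://pool.example:3333"]},
    "HostConfig": {"Privileged": True, "PidMode": "host", "NetworkMode": "bridge",
                   "Binds": ["/:/host", "/var/run/docker.sock:/var/run/docker.sock"]},
}

if __name__ == "__main__":
    for f in audit_daemon_config(SAMPLE_DAEMON_CONFIG):
        print("daemon:", f)
    for f in audit_container(SAMPLE_CONTAINER):
        print("container:", f)
```

On a fleet, feed `audit_container` every record from `docker inspect $(docker ps -q)` and `audit_daemon_config` each host's `daemon.json`; a tcp listener should only ever appear together with `tlsverify`, and even then bound to a specific interface behind a firewall.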


We do not own the rights to this content & no infringement intended, CREDIT: The Original Source: thehackernews.com

Trendzz Only Comment:

This article discusses a new large-scale campaign by the cryptojacking group TeamTNT against cloud-native environments for mining cryptocurrency. It highlights the group's use of Docker Hub to host its malicious payloads and its offering of victims' computing power to others for illicit crypto mining. The campaign involves identifying exposed Docker API endpoints, deploying cryptominers, and using the Sliver command-and-control framework; the attackers have also been observed using the anondns service to point at their web server. The article also mentions a separate campaign, reported by Trend Micro, involving the Prometei crypto-mining botnet. Overall, it sheds light on evolving tactics in cryptocurrency-mining attacks.