2020/08/19 11:13:32

TeamTNT (botnet)

2020: Emergence of a cryptocurrency botnet attacking AWS

In August 2020, cybersecurity specialists from Cado Security detected the first cryptocurrency botnet of its kind, whose capabilities allow it to steal confidential data from infected AWS servers.

The functionality, previously unknown to researchers, was found in malware used by the TeamTNT group, which specializes in attacks on Docker installations. The British cybersecurity specialists found that TeamTNT had added Kubernetes installations to its list of targets and implemented functionality that gives access to confidential AWS data.

The first botnet to steal Amazon cloud credentials has appeared

Cybersecurity experts explain that if the infected Docker or Kubernetes installations run on AWS infrastructure, TeamTNT can scan the system for ~/.aws/credentials and ~/.aws/config, which gives it access to credentials as well as data on the configuration of AWS accounts and infrastructure. The attackers can then copy the files and upload the data to their own command-and-control server.
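The following is an added example, not code from the original article or from Cado Security's research: a Python audit that checks a home directory for the two files named above and reports loose file permissions and keys stored in plaintext. The function names and sample key values are constructed for illustration, and a profile without `aws_session_token` is treated as holding a long-term key.

```python
import configparser
import os
import stat
import tempfile

def audit_file(path):
    """Return findings for one AWS shared credentials/config file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append(f"file mode {mode:o} lets group/other read it")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    for section in parser.sections():
        key_id = parser.get(section, "aws_access_key_id", fallback="")
        if key_id and parser.has_option(section, "aws_session_token"):
            findings.append(f"[{section}] temporary credentials on disk")
        elif key_id:
            findings.append(f"[{section}] long-term key {key_id[:4]}... in plaintext")
    return findings

def scan_home(home):
    """Audit the two files named in the article, if present under <home>/.aws."""
    report = {}
    for name in ("credentials", "config"):
        path = os.path.join(home, ".aws", name)
        if os.path.isfile(path):
            report[name] = audit_file(path)
    return report

def write_constructed_sample(home):
    """Constructed input: a fake key in a world-readable credentials file."""
    aws_dir = os.path.join(home, ".aws")
    os.makedirs(aws_dir, exist_ok=True)
    samples = {
        "credentials": ("[default]\naws_access_key_id = AKIACONSTRUCTED00000\n"
                        "aws_secret_access_key = not-a-real-secret\n", 0o644),
        "config": ("[default]\nregion = eu-west-1\n", 0o600),
    }
    for name, (text, mode) in samples.items():
        path = os.path.join(aws_dir, name)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        write_constructed_sample(home)
        print(scan_home(home))
```

Any finding on a container host is a reason to move that workload to short-lived role credentials instead of files on disk.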

The experts state that at the time their research was published (August 17, 2020), the data stolen by the attackers had not been used in any way. The specialists were able to trace only a few Monero cryptocurrency wallets through which the attackers receive the money earned by cryptojacking. Judging by their contents, the group had managed to earn only about $300, though the amount may be much larger, since cryptocurrency botnets typically use a large number of wallets to complicate the tracking of fund transfers. Moreover, TeamTNT's income could increase considerably if the attackers decide to sell the data on the darknet or to use the AWS resources for cryptojacking at full capacity.[1]
