New expansive TeamTNT attack campaign detailed

New cloud attacks have been launched by the TeamTNT cryptojacking operation as part of its new Docker Gatling Gun campaign, The Hacker News reports.

TeamTNT used masscan and ZGrab to find unauthenticated Docker API endpoints, then exploited them to deploy cryptocurrency mining malware, with management of the impacted infrastructure outsourced to the Mining Rig Rentals mining rental platform, according to a report from Aqua. The threat actors not only added the compromised server to a Docker swarm but also injected the Sliver malware and a cyber worm. "In this campaign TeamTNT is also using anondns (AnonDNS or Anonymous DNS is a concept or service designed to provide anonymity and privacy when resolving DNS queries), in order to point to their web server," said Aqua Director of Threat Intelligence Assaf Morag. Aqua's discovery of this campaign follows a Trend Micro report detailing the distribution of the Prometei crypto mining botnet in a targeted brute-force intrusion.
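Because the campaign's entry point is a Docker API reachable over plain TCP with no client authentication, a defender's first check is the daemon's own listener configuration. The following added example (not from the SC Media article or the Aqua report) audits a daemon.json document for that exposure; the weak and hardened sample configurations, the 10.0.0.5 address and the certificate paths are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of a weak /etc/docker/daemon.json: the API is exposed
# on every interface over plain TCP with no client certificate verification.
WEAK_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]
}
"""

# Constructed hardened counterpart: TCP listener bound to one management
# address and protected by mutual TLS (tlsverify plus CA/cert/key files).
HARDENED_DAEMON_JSON = """
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/ca.pem",
  "tlscert": "/etc/docker/server-cert.pem",
  "tlskey": "/etc/docker/server-key.pem"
}
"""


def audit_daemon_config(raw_json):
    """Return a list of findings for a daemon.json document.

    Every tcp:// listener that lacks client-certificate verification is
    flagged (the exposure that scan-and-deploy campaigns look for), and a
    listener bound to all interfaces is reported separately.
    """
    cfg = json.loads(raw_json)
    findings = []
    tls_verify = bool(cfg.get("tlsverify", False))
    tls_files = all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// sockets are local-only
        if not (tls_verify and tls_files):
            findings.append(f"{host}: remote API without client cert verification")
        if parts.hostname in ("0.0.0.0", "::", None):
            findings.append(f"{host}: bound on all interfaces")
    return findings


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(name, audit_daemon_config(doc) or ["no findings"])
```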
