TeamTNT launches cryptojacking operation on Kubernetes clusters | SC Media


The TeamTNT cybercrime gang has ramped up its attacks on the cloud over the past several months, this time launching a new malware campaign targeting Kubernetes clusters that culminated in a cryptojacking operation.


In a blog post released Wednesday, Palo Alto’s Unit 42 researchers said the attackers gained initial access via a misconfigured kubelet that allowed anonymous access. After gaining a foothold in a Kubernetes cluster, the malware attempted to spread to as many containers as possible, leading to the cryptojacking activity.
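A defender-side check for the misconfiguration described above, as an added example that is not from the article or from Unit 42: it audits a KubeletConfiguration (JSON form) for anonymous authentication, `AlwaysAllow` authorization and an open read-only port. The sample configs, function names and finding labels are constructed for illustration.

```python
import json

# Constructed sample KubeletConfiguration documents (JSON form); not from the article.
WEAK = json.loads("""{
  "kind": "KubeletConfiguration",
  "authentication": {"anonymous": {"enabled": true}, "webhook": {"enabled": false}},
  "authorization": {"mode": "AlwaysAllow"},
  "readOnlyPort": 10255
}""")
HARDENED = json.loads("""{
  "kind": "KubeletConfiguration",
  "authentication": {"anonymous": {"enabled": false}, "webhook": {"enabled": true}},
  "authorization": {"mode": "Webhook"},
  "readOnlyPort": 0
}""")


def lookup(cfg, dotted):
    """Return the value at a dotted path, or None when any key is absent."""
    cur = cfg
    for key in dotted.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return None
        cur = cur[key]
    return cur


def audit_kubelet(cfg):
    """Return finding names (hypothetical labels) for one kubelet config dict."""
    anon = lookup(cfg, "authentication.anonymous.enabled")
    mode = lookup(cfg, "authorization.mode")
    port = lookup(cfg, "readOnlyPort")
    findings = []
    # Unset fields are reported too, so the effective value gets checked on the node.
    if anon is None or anon is True:
        findings.append("anonymous-auth-enabled" if anon else "anonymous-auth-unset")
    if mode is None or mode == "AlwaysAllow":
        findings.append("authz-always-allow" if mode else "authz-mode-unset")
    if port is None or port != 0:
        findings.append("read-only-port-open" if port else "read-only-port-unset")
    # Anonymous requests that are also always authorized: the kubelet API is open.
    if anon is True and mode == "AlwaysAllow":
        findings.append("kubelet-api-open-to-anonymous")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_kubelet(cfg))
```

Run it against each node's kubelet configuration file; an empty list means none of the three settings is in its weak or unset state.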


The researchers said TeamTNT’s new campaign uses the most feature-rich malware Unit 42 has seen from this group. They said that in this round the threat actor developed more sophisticated tactics for initial access, execution, defense evasion and command and control. Although the malware is still under development and the campaign has not spread widely, Unit 42 believes the attacker will soon improve the tools and start a large-scale deployment.

