TeamTNT hacking group strikes thousands of victims worldwide
The TeamTNT hacking group has expanded its capabilities by adding a set of tools that allow it to target multiple operating systems. AT&T researchers released a report detailing the new campaign, called Chimaera, which is believed to have begun earlier this summer. The operation is based on command-and-control server logs and an increased reliance on open-source tools. The hacking group was first discovered last year after researchers found connections to the installation of cryptocurrency mining malware on Docker containers. Trend Micro has also followed the group, claiming to have found it attempting to steal AWS credentials to propagate to more servers.
The group has also been investigated by cybersecurity researchers at Cado Security, who allegedly observed TeamTNT targeting Kubernetes installations. AT&T claims that the group is targeting Linux, Windows, Docker, AWS, and Kubernetes installations. The researchers claim that the group infected thousands of victims globally in just a short period of time. The malicious actors' portfolio includes open-source tools such as the port scanner Masscan and 7z for file decompression.