| SYMBOL | COMMON_NAME | aka. SYNONYMS |
In early Febuary, 2021 TeamTNT launched a new campaign against Docker and Kubernetes environments. Using a collection of container images that are hosted in Docker Hub, the attackers are targeting misconfigured docker daemons, Kubeflow dashboards, and Weave Scope, exploiting these environments in order to steal cloud credentials, open backdoors, mine cryptocurrency, and launch a worm that is looking for the next victim. They're linked to the First Crypto-Mining Worm to Steal AWS Credentials and Hildegard Cryptojacking malware. TeamTNT is a relatively recent addition to a growing number of threats targeting the cloud. While they employ some of the same tactics as similar groups, TeamTNT stands out with their social media presence and penchant for self-promotion. Tweets from the TeamTNT’s account are in both English and German although it is unknown if they are located in Germany.
There are currently no families associated with this actor.
| 2022-07-18
⋅
Palo Alto Networks Unit 42
⋅
Adept Libra TeamTNT TeamTNT |
| 2021-02-20
⋅
Malpedia
⋅
Malpedia Website for Malware Family Team TNT TeamTNT TeamTNT |
| 2021-02-17
⋅
Aquasec
⋅
Threat Alert: TeamTNT Pwn Campaign Against Docker and K8s Environments TeamTNT TeamTNT |
| 2021-02-14
⋅
Cyware
⋅
Hildegard: TeamTNT’s New Feature-Rich Malware Targeting Kubernetes TeamTNT |
| 2021-02-03
⋅
Palo Alto Networks Unit 42
⋅
Hildegard: New TeamTNT Malware Targeting Kubernetes TeamTNT TeamTNT |
| 2021-01-27
⋅
AT&T
⋅
TeamTNT delivers malware with new detection evasion tool TeamTNT TeamTNT |
| 2021-01-05
⋅
Lacework Labs
⋅
TeamTNT Builds Botnet from Chinese Cloud Servers TeamTNT TNTbotinger TeamTNT |
| 2020-12-21
⋅
Intezer
⋅
Top Linux Cloud Threats of 2020 AgeLocker AnchorDNS Blackrota Cloud Snooper Dacls Doki FritzFrog IPStorm Kaiji Kinsing NOTROBIN Penquin Turla PLEAD Prometei RansomEXX Stantinko TeamTNT TSCookie WellMail elf.wellmess TeamTNT |
| 2020-12-18
⋅
Trend Micro
⋅
TeamTNT Now Deploying DDoS-Capable IRC Bot TNTbotinger PerlBot TNTbotinger TeamTNT |
| 2020-08-17
⋅
Cado Security
⋅
Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials TeamTNT TeamTNT |