Tech »  Topic »  TeamTNT Reportedly Eyes Credentials of AWS, Google Cloud

TeamTNT Reportedly Eyes Credentials of AWS, Google Cloud


Group Uses Compromised Credentials to Attack Cloud Providers, Researchers Say Rashmi RameshJune 11, 2021

Compromised AWS credentials used to attack cloud environments (Image Source: Shutterstock)

Cryptojacking group TeamTNT is leveraging compromised Amazon Web Services credentials to attack its cloud environments via the platform’s application programming interface, according to a report by Unit 42 at Palo Alto Networks.

See Also: Live Webinar | The Role of Passwords in the Hybrid Workforce

“TeamTNT operations have targeted and, after compromise, exfiltrated AWS credentials, targeted Kubernetes clusters and created new malware called Black-T that integrates open-source cloud-native tools to assist in their cryptojacking operations,” the report says. Kubernetes is a container orchestration platform developed and backed by Google.

The cybercriminal gang is attempting to identify all identity and access management permissions, Elastic Compute Cloud instances, Simple Storage Service buckets, CloudTrail configurations and CloudFormation operations granted to the compromised AWS credentials, the report says ...


Copyright of this story solely belongs to bankinfosecurity . To see the full text click HERE