Group Uses Compromised Credentials to Attack Cloud Providers, Researchers Say
Rashmi Ramesh • June 11, 2021
Cryptojacking group TeamTNT is leveraging compromised Amazon Web Services credentials to attack AWS cloud environments via the platform's application programming interface, according to a report by Unit 42 at Palo Alto Networks.
“TeamTNT operations have targeted and, after compromise, exfiltrated AWS credentials, targeted Kubernetes clusters and created new malware called Black-T that integrates open-source cloud-native tools to assist in their cryptojacking operations,” the report says. Kubernetes is a container orchestration platform developed and backed by Google.
The cybercriminal gang is attempting to identify all identity and access management permissions, Elastic Compute Cloud instances, Simple Storage Service buckets, CloudTrail configurations and CloudFormation operations granted to the compromised AWS credentials, the report says ...
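The enumeration described above leaves a recognizable trail in CloudTrail: one access key making read-only calls across many services in a short time. The following is an added example, not code from the Unit 42 report or this article, that flags such keys in CloudTrail records. The window, threshold, key IDs and sample records are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# The five areas the report names, keyed by CloudTrail eventSource.
WATCHED = {
    "iam.amazonaws.com": "IAM",
    "ec2.amazonaws.com": "EC2",
    "s3.amazonaws.com": "S3",
    "cloudtrail.amazonaws.com": "CloudTrail",
    "cloudformation.amazonaws.com": "CloudFormation",
}
READ_PREFIXES = ("List", "Describe", "Get")  # read-only discovery calls

def find_enumeration(records, window=timedelta(minutes=10), min_services=4):
    """Map accessKeyId -> services it enumerated, for keys that made read-only
    calls to at least min_services watched services inside one time window."""
    by_key = defaultdict(list)
    for r in records:
        svc = WATCHED.get(r.get("eventSource"))
        key = r.get("userIdentity", {}).get("accessKeyId")
        if svc and key and r.get("eventName", "").startswith(READ_PREFIXES):
            ts = datetime.strptime(r["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
            by_key[key].append((ts, svc))
    flagged = {}
    for key, calls in by_key.items():
        calls.sort()
        start = 0
        for end in range(len(calls)):
            while calls[end][0] - calls[start][0] > window:
                start += 1  # slide the window forward
            seen = {svc for _, svc in calls[start:end + 1]}
            if len(seen) >= min_services and len(seen) > len(flagged.get(key, ())):
                flagged[key] = sorted(seen)
    return flagged

def _rec(t, src, name, key):
    return {"eventTime": t, "eventSource": src, "eventName": name,
            "userIdentity": {"accessKeyId": key}}

# Constructed sample records; KEY-A sweeps five services in under two minutes.
SAMPLE = [
    _rec("2021-06-11T10:00:05Z", "iam.amazonaws.com", "GetAccountAuthorizationDetails", "KEY-A"),
    _rec("2021-06-11T10:00:20Z", "ec2.amazonaws.com", "DescribeInstances", "KEY-A"),
    _rec("2021-06-11T10:00:41Z", "s3.amazonaws.com", "ListBuckets", "KEY-A"),
    _rec("2021-06-11T10:01:02Z", "cloudtrail.amazonaws.com", "DescribeTrails", "KEY-A"),
    _rec("2021-06-11T10:01:30Z", "cloudformation.amazonaws.com", "DescribeStacks", "KEY-A"),
    _rec("2021-06-11T08:00:00Z", "iam.amazonaws.com", "ListUsers", "KEY-C"),
    _rec("2021-06-11T12:00:00Z", "ec2.amazonaws.com", "DescribeInstances", "KEY-C"),
    _rec("2021-06-11T16:00:00Z", "s3.amazonaws.com", "ListBuckets", "KEY-C"),
    _rec("2021-06-11T20:00:00Z", "cloudtrail.amazonaws.com", "DescribeTrails", "KEY-C"),
]
```

Tune the window and threshold against your own baseline, since inventory and compliance tooling makes similar read-only sweeps from known roles.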
Copyright of this story solely belongs to bankinfosecurity.