Analysts with Trend Micro have reported an update to a botnet that now collects Docker and Amazon Web Services (AWS) credentials after deploying an XMR crypto miner. Trend Micro had previously reported that a threat actor group they call TeamTNT established a botnet that attempted to access Docker containers with exposed APIs without a password. In this new version, after the miner Is deployed, the malware will try to steal AWS credentials and Docker API credentials to move laterally to other systems and siphon off more resources.
12 Essentials for a Successful SOC Partnership
As cyber threats continue to impact businesses of all sizes, the need for round-the-clock security