Originally reported by ZDNet, TeamTNT is a hacking crew most recently attributed to a cryptocurrency mining botnet able to steal Amazon Web Services (AWS) credentials from servers. Recently, the group has begun using an open source visualization and monitoring software, Weave Scope, as a backdoor. The software permits administrators to run shells in container clusters as root and does not require authentication by default, making it a prime target for threat actors. Additionally, it allows TeamTNT to map any Docker system that has been compromised.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.