
TeamTNT Criminal Group

Posted: August 19, 2020

TeamTNT is a cybercrime organization whose members appear to specialize in cryptocurrency-related attacks. The group develops various pieces of malware that target cryptocurrency in some way – mining it, hijacking transactions or compromising login credentials. The TeamTNT Criminal Group was in the news recently because of its attacks against vulnerable installations of the Docker service – it is important to mention that these vulnerabilities are the fault of users who fail to password-protect the Docker management API.

Apparently, targeting Docker installations was not enough for the opportunistic cybercriminals, and they have decided to expand their operation by going after a similar service – Kubernetes. Not only did they widen the range of software they target, but they also employed a new attack method that aims to collect AWS (Amazon Web Services) credentials from the compromised server. The theft is carried out in a very simple manner – the malware implant looks for the paths '/.aws/credentials' and '/.aws/config' and attempts to transfer their contents to the control server.
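Because the implant only has to read these two paths, it helps to know which accounts on a server keep AWS keys there at all. The following audit script is an added example, not code from the original article or from any vendor; the function names, the assumed `<home_root>/<user>/.aws` layout and the use of the `AKIA`/`ASIA` key-ID prefixes to tell long-lived from temporary keys are this example's assumptions.

```python
import configparser
import stat
import tempfile
from pathlib import Path

def audit_aws_dir(aws_dir):
    """Return (file, scope, finding) tuples for one .aws directory."""
    findings = []
    for name in ("credentials", "config"):
        path = Path(aws_dir) / name
        if not path.is_file():
            continue
        mode = stat.S_IMODE(path.stat().st_mode)
        if mode & 0o077:  # any group/other permission bit is set
            findings.append((name, "file", f"accessible beyond owner (mode {mode:o})"))
        parser = configparser.RawConfigParser()  # raw: no '%' interpolation
        try:
            parser.read(path)
        except configparser.Error:
            findings.append((name, "file", "unparseable, review by hand"))
            continue
        for section in parser.sections():
            key_id = parser.get(section, "aws_access_key_id", fallback="")
            if key_id.startswith("AKIA"):  # IAM user key, valid until rotated
                findings.append((name, section, "long-lived access key in plaintext"))
            elif key_id.startswith("ASIA"):  # STS key, expires on its own
                findings.append((name, section, "temporary session key"))
    return findings

def audit_homes(home_root):
    """Audit every <home_root>/<user>/.aws directory (assumed layout)."""
    report = {}
    for aws_dir in sorted(Path(home_root).glob("*/.aws")):
        found = audit_aws_dir(aws_dir)
        if found:
            report[aws_dir.parent.name] = found
    return report

if __name__ == "__main__":
    # Constructed sample using AWS's documentation placeholder key.
    root = Path(tempfile.mkdtemp())
    aws = root / "alice" / ".aws"
    aws.mkdir(parents=True)
    (aws / "credentials").write_text(
        "[default]\naws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n")
    (aws / "credentials").chmod(0o644)
    for user, found in audit_homes(root).items():
        print(user, found)
```

Hosts that report long-lived keys are the ones where a stolen file stays useful to an attacker; replacing those keys with an instance or pod role removes the file from disk entirely.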

TeamTNT Has Still Not Used the Collected AWS Credentials

Cybersecurity experts report that the TeamTNT Criminal Group has already successfully collected AWS credentials from multiple networks. However, the group has yet to do anything with them. The crooks certainly have very profitable options when it comes to compromised AWS accounts – they could either plant cryptocurrency mining software on them or simply sell them in bulk to other cybercriminals.

The hackers from the TeamTNT Criminal Group have also taken measures to prevent their collected funds from being tracked – they operate mainly with the Monero cryptocurrency, and are likely to use thousands of different addresses to manage their funds. This makes it almost impossible to trace the transactions and determine the success of TeamTNT's operations.
