Malware

TeamTNT

First seen: 2019-10 • Status: active

Currently Active Threat

TeamTNT specializes in hacking cloud systems to mine cryptocurrency. They steal AWS keys and attack Kubernetes.

Overview

TeamTNT is a threat actor focused on cloud and container cryptomining. They target AWS credentials and Kubernetes clusters.

How It Spreads

  • Docker exploitation
  • Kubernetes attacks
  • Worm capabilities

What It Does

  • Cloud credential theft
  • Cryptomining
  • AWS targeting

Target Platforms

Linux, Docker, Kubernetes, AWS

Detection Tips

  • Monitor for AWS credential access
  • Watch for container breakouts

MITRE ATT&CK Techniques

T1496, T1552, T1610

If You're Infected

  1. Rotate all AWS credentials
  2. Audit container security

Related Malware

Kinsing, XMRig
