
TeamTNT Returns With a New Kangaroo Malware Attack

Researchers at Aqua Security found evidence of cyberattacks initiated by the TeamTNT gang. The company marked one of these as a “Kangaroo attack” (a cyberattack that distributes processing power across compromised machines in an attempt to crack bitcoin’s encryption). The hacker collective was believed to have been inactive since 2021, but its sudden reappearance hints at a bigger attack.

TeamTNT is a well-known threat actor specializing in cloud hacking and has been involved in several high-profile cases. In the latest attack, the cloud-native security company found that the scripts and malware used by the threat actor resemble those of TeamTNT. As per reports, the hacker group allegedly ceased operations last year with a departing note, but the new series of attacks indicates its return.

Aqua Security shares a report on TeamTNT

On September 15, 2022, Aqua Security reported a series of attacks that used patterns similar to those of TeamTNT. The hacker group emerged as a cloud threat actor in 2020 and targeted cloud environments, including misconfigured Kubernetes clusters, Docker APIs, Kubernetes UI tools, Redis servers, and more.

On November 6, 2021, the hacker collective announced its farewell in a Twitter post. However, it covertly kept infecting new victims, using its old malware as its primary tool. The group allegedly continued scanning for and infecting new victims even after cybersecurity researchers discovered it. Still, many researchers and cybersecurity firms are debating whether the new threat actor is indeed TeamTNT.

According to Assaf Morag, lead data analyst at Aqua Security, the company identified three attacks that use various signatures and tools, some of which are associated with TeamTNT. Based on these attacks, the company said it was “certain that this vibrant threat actor has renewed its malicious activity.”

Kangaroo malware attack explained

Kangaroo malware attackers attempt to solve the Elliptic Curve Discrete Logarithm Problem (ECDLP) and run an ECDLP solver on victims’ cloud systems. According to Aqua Security, the attackers scan for a “misconfigured Docker Daemon” on the victim’s systems, then deploy Alpine (a vanilla container image).

It runs in a distributed fashion since the “algorithm breaks the key into chunks,” according to Aqua Security, and spreads them across various nodes (compromised servers); the results are later collected and can be written to a text file. If a TA (threat actor) succeeded in breaking the cryptographic encryption, it could have a “devastating effect on the entire internet,” reports Aqua Security.
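The entry point Aqua Security describes is a “misconfigured Docker Daemon”: an Engine API listening on plain TCP where anyone who can reach the port may start containers. The following audit script is an added example, not code from the article or from Aqua Security. It parses a constructed daemon.json and a dockerd command line, rates each tcp:// listener by reachability and TLS client verification, and produces a hardened configuration; the certificate paths it inserts are placeholders for the operator to replace.

```python
# Added example (not from the article or Aqua Security): audit a Docker daemon
# for the "misconfigured Docker Daemon" pattern, i.e. the Engine API reachable
# over plain TCP without TLS client-certificate verification.
import json
import shlex
from urllib.parse import urlsplit

PLAINTEXT_API_PORT = 2375   # dockerd default port when TLS is off
TLS_API_PORT = 2376         # dockerd default port when TLS is on
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample of a weak /etc/docker/daemon.json (not taken from any real host)
WEAK_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})


def _fmt(addr: str, port: int) -> str:
    """Render a tcp:// listener, bracketing IPv6 addresses."""
    return f"tcp://[{addr}]:{port}" if ":" in addr else f"tcp://{addr}:{port}"


def listeners_from_cmdline(cmdline: str) -> list:
    """Collect -H/--host values from a dockerd command line (both spellings)."""
    args = shlex.split(cmdline)
    hosts, i = [], 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 2
            continue
        if arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
        i += 1
    return hosts


def audit_docker_exposure(daemon_json: str, cmdline: str = "") -> list:
    """Return one finding per tcp:// listener, rated by who can reach it and
    whether clients must present a certificate signed by the daemon's CA."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    args = shlex.split(cmdline)
    tls = bool(cfg.get("tls")) or "--tls" in args or "--tls=true" in args
    tlsverify = (bool(cfg.get("tlsverify")) or "--tlsverify" in args
                 or "--tlsverify=true" in args)
    findings = []
    for host in list(cfg.get("hosts", [])) + listeners_from_cmdline(cmdline):
        if not host.startswith("tcp://"):
            continue  # unix:// and fd:// listeners are local file descriptors
        url = urlsplit(host)
        addr = url.hostname or "0.0.0.0"  # a bare "tcp://" binds all interfaces
        port = url.port or (TLS_API_PORT if (tls or tlsverify) else PLAINTEXT_API_PORT)
        if tlsverify:
            severity, why = "info", "TLS with client certificate verification"
        elif tls:
            severity, why = "high", "TLS encrypts traffic but does not authenticate clients"
        elif addr in LOOPBACK:
            severity, why = "medium", "plaintext API on loopback; any local user can control dockerd"
        else:
            severity, why = "critical", ("plaintext API on a non-loopback interface; "
                                         "anyone who can reach it can start containers")
        findings.append({"listener": _fmt(addr, port), "severity": severity, "reason": why})
    return findings


def harden_daemon_json(daemon_json: str) -> dict:
    """Rewrite a config so every tcp:// listener moves to the TLS port and
    requires client certificates. Certificate paths are placeholders."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = []
    for host in cfg.get("hosts", []):
        if host.startswith("tcp://"):
            url = urlsplit(host)
            host = _fmt(url.hostname or "0.0.0.0", TLS_API_PORT)
        hosts.append(host)
    cfg["hosts"] = hosts
    cfg.update({
        "tlsverify": True,
        "tlscacert": "/etc/docker/ca.pem",          # placeholder path
        "tlscert": "/etc/docker/server-cert.pem",   # placeholder path
        "tlskey": "/etc/docker/server-key.pem",     # placeholder path
    })
    return cfg


if __name__ == "__main__":
    for f in audit_docker_exposure(WEAK_DAEMON_JSON):
        print(f"[{f['severity']}] {f['listener']}: {f['reason']}")
    print(json.dumps(harden_daemon_json(WEAK_DAEMON_JSON), indent=2))
```

Run against the constructed sample, the audit reports the `tcp://0.0.0.0:2375` listener as critical and leaves the unix socket alone; the hardened output keeps the same bind address but moves it to 2376 with `tlsverify` enabled, which is the setting that actually rejects unauthenticated clients (a bare `"tls": true` only encrypts). On a real host, pass the contents of /etc/docker/daemon.json and the dockerd line from `ps` or the systemd unit, since listeners may be set in either place.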

Avantika

Avantika Chopra is the Associate Editor at The Cyber Express, where she brings over seven years of in-depth journalism experience to the forefront of cybersecurity news. With a keen eye for detail and a passion for the latest in cyber defense technologies, Avantika has been instrumental in reporting and shaping the narrative around digital security trends and threats. Her work emphasizes the importance of understanding cybersecurity not just as a technical field, but as a critical element of modern governance and personal safety. When she's not dissecting the latest cyber threats, you might find her caring for her garden or planning her next adventure.
