A Deep Dive into TeamTNT and Spinning YARN
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY:
TeamTNT is conducting a crypto mining campaign called Spinning YARN, targeting Docker, Redis, YARN, and Confluence. The attack involves server-side scripting vulnerabilities, obfuscated code, and malware deployment. The malware assesses the environment, disables cloud security, establishes persistence, and sets up a crypto miner. The impact extends beyond resource consumption, granting the attacker persistent access for potential further exploitation. TeamTNT, active since 2019, is known for attacks on cloud environments and cryptojacking. The campaign utilizes various tools and tactics, including malware droppers, XMRig miners, and reverse shells. Organizations should prioritize securing their infrastructure and stay informed about evolving threats to Linux and cloud environments.
OPENCTI LABELS:
linux, obfuscation, confluence, redis, xmrig, docker, cloud security, yarn, spinning yarn, platypus, crypto mining