Docker Gatling Gun Campaign
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
A new campaign by the hacking group TeamTNT targets cloud native environments, exploiting exposed Docker daemons to deploy Sliver malware, cyber worms, and cryptominers. The group is utilizing Docker Swarm and Docker Hub to spread malware and rent out victims' computational power. TeamTNT has adopted new tools, replacing their traditional Tsunami backdoor with Sliver malware. The attack flow involves aggressive scanning, resource hijacking, and the use of cloud tools. The campaign gains initial access through exposed Docker ports and deploys containers from compromised Docker Hub accounts. TeamTNT's infrastructure includes new domains and compromised web servers, with indications of potential future attacks on Kubernetes clusters.
OPENCTI LABELS :
cryptomining,sliver,docker,tsunami,exposed-daemons,cloud-native,container-security,docker-swarm,docker-hub
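The summary names exposed Docker daemon ports as the initial-access vector. As an added example (not part of the original report or of any TeamTNT analysis), the following audit reads a Docker `daemon.json` and flags TCP listeners that accept clients without certificate verification; the sample configurations, file paths and the function name `audit_daemon_config` are constructed for illustration.

```python
import ipaddress
import json
from urllib.parse import urlsplit

# Constructed daemon.json samples (not taken from the report).
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
TLS_ONLY = '{"hosts": ["tcp://0.0.0.0:2376"], "tls": true}'
LOOPBACK = '{"hosts": ["tcp://127.0.0.1:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_config(text):
    """Return (severity, host, reason) findings for one daemon.json document."""
    cfg = json.loads(text)
    # tlsverify makes dockerd demand a client certificate signed by tlscacert;
    # "tls" alone encrypts the channel but lets any client connect.
    client_auth = cfg.get("tlsverify") is True
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp" or client_auth:
            continue  # unix:// and fd:// listeners are not network sockets
        addr = url.hostname or "0.0.0.0"  # "tcp://:2375" binds all interfaces
        try:
            loopback = ipaddress.ip_address(addr).is_loopback
        except ValueError:
            loopback = addr == "localhost"
        reason = ("TLS without client certificate verification"
                  if cfg.get("tls") else "plaintext API with no authentication")
        if loopback:
            findings.append(("warn", host, reason + ", reachable from the host only"))
        else:
            findings.append(("critical", host, reason + ", reachable over the network"))
    return findings


if __name__ == "__main__":
    for name, sample in [("exposed", EXPOSED), ("tls-only", TLS_ONLY),
                         ("loopback", LOOPBACK), ("hardened", HARDENED)]:
        print(name, audit_daemon_config(sample))
```

The check covers `daemon.json` only; listeners passed to `dockerd` with `-H` on the command line or in a service unit need the same review.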