Docker Gatling Gun Campaign

NetmanageIT OpenCTI - opencti.netmanageit.com

Docker Gatling Gun Campaign



SUMMARY :

A new campaign by the hacking group TeamTNT targets cloud native environments, exploiting exposed Docker daemons to deploy Sliver malware, cyber worms, and cryptominers. The group is utilizing Docker Swarm and Docker Hub to spread malware and rent out victims' computational power. TeamTNT has adopted new tools, replacing their traditional Tsunami backdoor with Sliver malware. The attack flow involves aggressive scanning, resource hijacking, and the use of cloud tools. The campaign gains initial access through exposed Docker ports and deploys containers from compromised Docker Hub accounts. TeamTNT's infrastructure includes new domains and compromised web servers, with indications of potential future attacks on Kubernetes clusters.

OPENCTI LABELS :

cryptomining,sliver,docker,tsunami,exposed-daemons,cloud-native,container-security,docker-swarm,docker-hub


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Docker Gatling Gun Campaign