Team TNT - The First Crypto-Mining Worm to Steal AWS Credentials
released on 2020-08-17 @ 03:27:28 PM
Over the weekend Cado Security discovered a crypto-mining worm spreading that steals AWS credentials. It’s the first worm Cado Security has seen that contains such AWS specific functionality. The worm also steals local credentials, and scans the internet for misconfigured Docker platforms. Cado Security has seen the attackers, who call themselves "TeamTNT", compromise a number of Docker and Kubernetes systems.