TeamTNT’s Malicious Docker Images Taken Offline
released on 2021-05-26 @ 08:55:24 AM
TeamTNT staged malicious images on Docker Hub using a legitimate user’s Docker Hub account. The credentials to the Docker Hub account were accidentally committed to a public GitHub repo, which is how we believe TeamTNT gained initial access to the account. Lacework Labs notified Docker Security and the owner of the targeted account (megawebmaster), who quickly took action, disrupting TeamTNT’s staged Docker container images by removing them from Docker Hub.