Docker Gatling Gun Campaign

released on 2024-10-26 @ 02:24:30 PM
A new campaign by the hacking group TeamTNT targets cloud-native environments, exploiting exposed Docker daemons to deploy Sliver malware, cyber worms, and cryptominers. The group uses Docker Swarm and Docker Hub to spread malware and rent out victims' computational power. TeamTNT has adopted new tools, replacing its traditional Tsunami backdoor with Sliver malware. The attack flow involves aggressive scanning, resource hijacking, and the use of cloud tools. The campaign gains initial access through exposed Docker ports and deploys containers from compromised Docker Hub accounts. TeamTNT's infrastructure includes new domains and compromised web servers, with indications of potential future attacks on Kubernetes clusters.