Security News > 2021 > November > TeamTNT hackers target your poorly configured Docker servers
Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month.
As illustrated in an attack workflow, the attack starts with creating a container on the vulnerable host using an exposed Docker REST API. TeamTNT then uses compromised, or actor-controlled Docker Hub accounts to host malicious images and deploy them on a targeted host.
TrendMicro reports that this campaign also uses compromised Docker Hub accounts controlled by TeamTNT to drop malicious Docker images.
The actors were spotted collecting Docker Hub credentials in a previous campaign analyzed by TrendMicro in July when credentials stealers were deployed in attacks.
TeamTNT is a sophisticated actor that constantly evolves its techniques, shifts short-term targeting focus but remains a constant threat to vulnerable Docker systems.
Docker provides some "Mandatory" tips that can be used lock down Docker's REST API and prevent these types of attacks.
News URL
Related news
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)