TeamTNT hijacking servers to run Bitcoin encryption solvers
2022-09-18 14:07

The recent attacks bear various signatures linked to TeamTNT and rely on tools previously deployed by the gang, indicating that the threat actor is likely making a comeback.

The researchers observed three attack types in the allegedly new TeamTNT attacks, the most interesting of which uses the computational power of hijacked servers to run Bitcoin encryption solvers.

Named "the Kangaroo attack" because it uses Pollard's Kangaroo WIF solver, the attack scans for vulnerable Docker daemons, deploys an AlpineOS image, drops a script, and eventually fetches the solver from GitHub.

While quantum computing is expected to break existing Bitcoin encryption at some point in the future, doing so is considered impossible with current machines. TeamTNT nevertheless appears willing to try out the theory using other people's resources.

Possibly, the threat actors are merely experimenting with new attack pathways, payload deployment, and evading detection while performing intensive operations on captured systems, with the Kangaroo attack ticking all boxes.

The other attacks observed by AquaSec are similar to past TeamTNT operations but now feature some novel characteristics.


News URL

https://www.bleepingcomputer.com/news/security/teamtnt-hijacking-servers-to-run-bitcoin-encryption-solvers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Bitcoin 4 0 5 12 1 18