Infosec watchers: TeamTNT crew may blast holes in Azure, Google Cloud users
2023-07-15 08:28

A criminal crew with a history of deploying malware to harvest credentials from Amazon Web Services accounts may expand its attention to organizations using Microsoft Azure and Google Cloud Platform.

The crooks used to target primarily AWS users, and now seem to be looking for ways into Azure and Google Cloud accounts.

According to a write-up last year from Elastic Security Labs, 33 percent of cyberattacks in the cloud use stolen credentials, something TeamTNT is known for.

Those updates have brought in support for obtaining Azure and Google Cloud credentials, made the scripts more modular to achieve more complex attacks, improved the credential harvesting, and brought in the curl command-line tool to exfiltrate data.

The work by SentinelLabs and Permiso echoes what Aqua uncovered earlier this month in connection with a "Potentially massive campaign against cloud native environments" that researchers Ofek Itach and Assaf Morag laid at the feet of TeamTNT or a group using the same techniques.

They described the Silentbob campaign as an "Aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack and further infestation of the worm."


News URL

https://go.theregister.com/feed/www.theregister.com/2023/07/15/teamtnt_aws_azure_google/