New cloud attacks have been launched by the TeamTNT cryptojacking operation as part of its new Docker Gatling Gun campaign, The Hacker News reports.
TeamTNT used masscan and ZGrab to find unauthenticated Docker API endpoints, then exploited them to deploy cryptocurrency mining malware, while outsourcing management of the impacted infrastructure on the Mining Rig Rentals mining rental platform, according to a report from Aqua. The threat actors not only added the compromised server to a Docker swarm but also went on to deploy the Sliver malware and a worm. "In this campaign TeamTNT is also using anondns (AnonDNS or Anonymous DNS is a concept or service designed to provide anonymity and privacy when resolving DNS queries), in order to point to their web server," said Aqua Director of Threat Intelligence Assaf Morag. Aqua's discovery of the campaign follows a Trend Micro report detailing distribution of the Prometei crypto mining botnet in a targeted brute-force intrusion.
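
For defenders, the two conditions named in the report (a Docker API reachable without authentication, and a host joined to a swarm it should not be in) can be checked from the daemon's own configuration and state. The sketch below is an added example, not code from Aqua or The Hacker News; it assumes the listeners are declared in `daemon.json` rather than on the `dockerd` command line, that the Swarm state comes from `docker info --format '{{json .Swarm}}'`, and all sample inputs are constructed.

```python
import ipaddress
import json
from urllib.parse import urlsplit

def audit_listeners(daemon_json: str) -> list:
    """Flag dockerd TCP listeners that accept API calls without client certificates."""
    cfg = json.loads(daemon_json)
    # "tlsverify" makes dockerd demand a client certificate; "tls" alone does not.
    client_auth = cfg.get("tlsverify") is True
    findings = []
    for host in cfg.get("hosts", []):
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// are local sockets, not network listeners
        if client_auth:
            continue
        try:
            wildcard = ipaddress.ip_address(url.hostname or "").is_unspecified
        except ValueError:
            wildcard = False  # a name or missing address: reported, but not as wildcard
        findings.append({"listener": host, "all_interfaces": wildcard,
                         "tls": bool(cfg.get("tls"))})
    return findings

def swarm_is_unexpected(swarm_json: str, swarm_expected: bool = False) -> bool:
    """True when the node's Swarm state differs from what the owner intends."""
    state = json.loads(swarm_json).get("LocalNodeState", "inactive")
    return (state != "inactive") != swarm_expected

# Constructed samples, not taken from the Aqua report.
EXPOSED = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True, "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem", "tlskey": "/etc/docker/server-key.pem",
})
SWARM_JOINED = '{"LocalNodeState": "active", "NodeID": "constructed-node-id"}'

if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED), ("hardened", HARDENED)):
        print(name, audit_listeners(cfg))
    print("unexpected swarm membership:", swarm_is_unexpected(SWARM_JOINED))
```

A listener bound to loopback without `tlsverify` is still reported, since any local process can drive the API through it.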