Cyber Defense Magazine reports that hacking organization TeamTNT has been undertaking a new malicious campaign against enterprises around the world, using new tools that allow it to conceal both its presence and the attribution of the attacks, according to researchers at AT&T Alien Labs.
Ongoing since July 25, 2021, the campaign, which the group is tracking under the name Chimaera, targets devices running Windows operating systems as well as various Linux distributions, including Alpine for containers, and has also been hitting AWS, Docker and Kubernetes. The hacking group has been using its IRC bot as well as a variety of shell and batch scripts, a cryptocurrency miner and new open-source tools. Victims of the worldwide attack number in the thousands after only a few months, and as of Aug. 30, antivirus software still has a zero detection rate on the malware samples they used.
Meanwhile, Palo Alto Networks researchers who have also been analyzing the campaign said TeamTNT has been using a toolset called Peirates, a cloud penetration testing tool that allows attacks on cloud-based applications.