TeamTNT Reportedly Eyes Credentials Of AWS, Google Cloud

                                            Application Security
                                                            Fraud Management & Cybercrime
                                                            ID Fraud
                    Group Makes use of Compromised Credentials to Assault Cloud Suppliers, Researchers Say
                                                Rashmi Ramesh                                                     •
                        June 11, 2021     


                    Compromised AWS credentials used to assault cloud environments (Picture Supply: Shutterstock)Cryptojacking group TeamTNT is leveraging compromised Amazon Web Services credentials to assault its cloud environments through the platform’s software programming interface, in response to a report by Unit 42 at Palo Alto Networks.

See Additionally: Live Webinar | The Role of Passwords in the Hybrid Workforce
“TeamTNT operations have focused and, after compromise, exfiltrated AWS credentials, focused Kubernetes clusters and created new malware referred to as Black-T that integrates open-source cloud-native instruments to help of their cryptojacking operations,” the report says. Kubernetes is a container orchestration platform developed and backed by Google.
The cybercriminal gang is trying to determine all id and entry administration permissions, Elastic Compute Cloud situations, Simple Storage Service buckets, CloudTrail configurations and CloudFormation operations granted to the compromised AWS credentials, the report says.
An AWS spokesperson instructed Data Safety Media Group that the reported exercise was not a vulnerability on AWS. The corporate lists AWS security best practices and security best practices in IAM to assist customers safe their credentials.
Others Cloud-Primarily based Apps Focused

The cybercriminal group,

 » Read more from