Exposed Docker APIs continue to be targeted by TeamTNT
Docker Hub continues to be leveraged for hosting malicious images.
TeamTNT’s arsenal expands into Golang brute force utilities.
Caught In The Honeypot – Again!
Lacework Labs recently caught a new TeamTNT Docker image posing as an Apache server targeting exposed Docker APIs in the wild. Upon successful deployment, the Docker image titled “apache” from Docker hub account “docker72590” creates a crontab entry t…