Monday, December 6, 2021

TeamTNT Continues to Target Exposed Docker API

Lacework Labs

Key Takeaways

Exposed Docker APIs continue to be targeted by TeamTNT

Docker Hub continues to be leveraged for hosting malicious images.

TeamTNT’s arsenal expands into Golang brute force utilities.

Caught In The Honeypot – Again!

Lacework Labs recently caught a new TeamTNT Docker image posing as an Apache server targeting exposed Docker APIs in the wild. Upon successful deployment, the Docker image titled “apache” from Docker hub account “docker72590” creates a crontab entry t…

Read More

Latest news
Related news