Tuesday, October 19, 2021

TeamTNT Script Employed to Grab AWS Credentials

A TeamTNT script that grabs AWS credentials, including those from ECS, has been employed to target a Confluence vulnerability.

We’ve been tracking TeamTNT since the adversary group was tied back to a crypto-mining worm that specifically targeted Kubernetes clusters — the first known worm that contained AWS-specific credential theft functionality.

What We Found

The IP address 3.10.224[.]87 is serving a clever script built by the TeamTNT crew to steal credentials. It steals AWS EC2 and AWS ECS cr…
