TeamTNT Hacker Group Launches New Cloud Attacks for Crypto Mining

The notorious hacker group TeamTNT has intensified attacks on cloud infrastructures, leveraging their resources for illicit cryptocurrency mining. Security experts report that attackers are targeting unsecured Docker APIs and Kubernetes clusters.

TeamTNT exploits open Docker daemons to deploy malware, including cryptominers and remote access tools. The new wave of attacks is characterized by the use of the Sliver C2 framework, making detection and mitigation more challenging.

Over the past weeks, more than 10,000 attempts to compromise servers have been recorded. Companies are urged to strengthen security measures, including restricting access to Docker and Kubernetes, patching systems, and monitoring suspicious activities. TeamTNT’s attacks highlight the increasing cybersecurity risks to cloud services.