According to new research, a cybercrime group has evolved its methods and is now using a cloud monitoring tool as a backdoor to carry out malicious activity against a range of targets. The group previously focused on Docker and Kubernetes cloud environments. During the pandemic, many hackers have evolved the methods they use against targets across the industry. According to the cybersecurity firm, this is the first time attackers have been seen using legitimate third-party software to target cloud infrastructure. The research was carried out by the Israeli cybersecurity firm Intezer, which published its findings in an analysis on Tuesday.
The TeamTNT threat actors are mapping out their targets' cloud environments using a tool called Weave Scope. Weave Scope is commonly used to visualise and monitor Docker and Kubernetes deployments. Through it, TeamTNT can execute system commands without having to deploy malicious code on the target server. The group has made considerable progress in improving its tooling and targeting victims' cloud infrastructure. It has been active since April 2020 and mainly targets misconfigured Docker ports, currently installing cryptocurrency mining malware and a Distributed Denial-of-Service (DDoS) bot on the victim's server.
The crypto-mining gang has also updated its operations to exfiltrate data from Amazon's web services. It now scans infected systems for confidential information stored for those services, commonly stealing credentials from Amazon Web Services credentials and config files. With a tool like Weave Scope, the attackers are able to install a backdoor on the server.
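As an added example (not part of the article, nor Intezer's or TeamTNT's tooling), here is a Python check a defender could run over `docker inspect` records to flag a Weave Scope container that the operations team did not deploy. The image prefix and the privileged / host-PID / Docker-socket traits are my assumptions about how a stock Weave Scope agent is launched, and the sample records are constructed.

```python
# Added example (not Intezer's or TeamTNT's code): flag containers that look like an
# attacker-planted Weave Scope probe. Assumption: a stock Scope agent runs privileged,
# in the host PID namespace and with the Docker socket mounted. Sample records below
# are constructed in the shape of `docker inspect` output.

SCOPE_IMAGE_PREFIX = "weaveworks/scope"
DOCKER_SOCKET = "/var/run/docker.sock"


def container_findings(c):
    """Return the suspicious traits found on one container record."""
    findings = []
    host = c.get("HostConfig", {})
    if c.get("Config", {}).get("Image", "").startswith(SCOPE_IMAGE_PREFIX):
        findings.append("weave-scope-image")
    if host.get("Privileged"):
        findings.append("privileged")
    if host.get("PidMode") == "host":
        findings.append("host-pid")
    # `Binds` is null in inspect output when no bind mounts exist
    if any(b.split(":")[0] == DOCKER_SOCKET for b in host.get("Binds") or []):
        findings.append("docker-socket-mount")
    return findings


def find_unauthorised_scope(containers, allowed=frozenset()):
    """Names of containers not on the allow-list that carry a Scope image,
    or at least two of the traits a Scope agent needs (privileged, host PID, socket)."""
    hits = []
    for c in containers:
        name = c.get("Name", "").lstrip("/")
        if name in allowed:
            continue
        f = container_findings(c)
        if "weave-scope-image" in f or len(f) >= 2:
            hits.append(name)
    return hits


SAMPLE = [  # constructed records
    {"Name": "/nginx", "Config": {"Image": "nginx:1.19"},
     "HostConfig": {"Privileged": False, "PidMode": "", "Binds": []}},
    {"Name": "/weavescope", "Config": {"Image": "weaveworks/scope:latest"},
     "HostConfig": {"Privileged": True, "PidMode": "host",
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"]}},
    {"Name": "/updater", "Config": {"Image": "alpine:3.12"},
     "HostConfig": {"Privileged": True, "PidMode": "host", "Binds": None}},
]

if __name__ == "__main__":
    print(find_unauthorised_scope(SAMPLE))  # ['weavescope', 'updater']
```

The third record shows why the trait check matters: a renamed or retagged image still needs the same host privileges to do what Scope does.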