TeamTNT Hackers Attacking VPS Servers Running CentOS
A new cryptojacking campaign by TeamTNT is targeting cloud infrastructures, specifically Docker containers and Kubernetes clusters running on CentOS-based VPS systems.
In a Sept. 18 report, Group-IB researchers detailed how TeamTNT begins with SSH brute-force attacks, then uploads malware that disables security features, deletes logs, and removes existing cryptocurrency miners. The attackers also deploy the Diamorphine rootkit to gain root privileges and maintain control over the compromised systems.
Experts warn that TeamTNT’s focus on CentOS VPS, especially outdated versions like CentOS 7, highlights the vulnerabilities in cloud environments. As cloud-native technologies evolve, attackers exploit weaknesses in Kubernetes and Docker, making it essential for security teams to fortify their defenses.
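The SSH brute-force entry point described above leaves a recognizable pattern in sshd's log: many failed passwords from one address followed by an accepted login from the same address. The following detection sketch is an added example, not code from the Group-IB report; the log lines are constructed, the addresses are documentation ranges, and the threshold of 5 is an assumption to tune.

```python
import re
from collections import defaultdict

# Constructed sample in the format sshd writes to /var/log/secure on CentOS.
# Addresses are RFC 5737 documentation ranges; none come from the report.
SAMPLE_LOG = """\
Sep 18 03:12:01 vps1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep 18 03:12:03 vps1 sshd[2103]: Failed password for root from 203.0.113.7 port 40114 ssh2
Sep 18 03:12:05 vps1 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40116 ssh2
Sep 18 03:12:06 vps1 sshd[2106]: Failed password for deploy from 198.51.100.20 port 51822 ssh2
Sep 18 03:12:07 vps1 sshd[2107]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Sep 18 03:12:09 vps1 sshd[2109]: Failed password for root from 203.0.113.7 port 40120 ssh2
Sep 18 03:12:10 vps1 sshd[2110]: Accepted password for deploy from 198.51.100.20 port 51830 ssh2
Sep 18 03:12:11 vps1 sshd[2111]: Failed password for root from 203.0.113.7 port 40122 ssh2
Sep 18 03:12:14 vps1 sshd[2114]: Accepted password for root from 203.0.113.7 port 40124 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port")
# Only password-style logins can be guessed, so publickey logins are ignored.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?:password|keyboard-interactive/pam) for (\S+) from (\S+) port")

def find_bruteforce_logins(lines, threshold=5):
    """Return (ip, user, failures) for each accepted password login that
    follows at least `threshold` failed attempts from the same source IP."""
    failures = defaultdict(int)
    hits = []
    for line in lines:
        m = FAILED.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            user, ip = m.groups()
            if failures[ip] >= threshold:
                hits.append((ip, user, failures[ip]))
            failures[ip] = 0  # a successful login starts a new counting window
    return hits

if __name__ == "__main__":
    for ip, user, count in find_bruteforce_logins(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {ip} logged in as {user} after {count} failed attempts")
```

Because the malware deletes logs on the compromised host, run this kind of check against copies forwarded off the server rather than the local file.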