
TeamTNT Hackers Attacking VPS Servers Running CentOS

A new cryptojacking campaign by TeamTNT is targeting cloud infrastructures, specifically Docker containers and Kubernetes clusters running on CentOS-based VPS systems.

In a Sept. 18 report, Group-IB researchers detailed how TeamTNT begins with SSH brute-force attacks and then uploads malware that disables security, deletes logs, and removes cryptocurrency miners. The attackers also deploy the Diamorphine rootkit to gain root privileges and maintain control over the compromised systems.

Experts warn that TeamTNT’s focus on CentOS VPS, especially outdated versions like CentOS 7, highlights the vulnerabilities in cloud environments. As cloud-native technologies evolve, attackers exploit weaknesses in Kubernetes and Docker, making it essential for security teams to fortify their defenses.
