* . *
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Monday, September 29, 2025
Earth-News
  • Home
  • Business
  • Entertainment
    Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

    Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

    Jussie Smollett Claims He Was ‘Disrespected’ on the ‘Special Forces’ Season Premiere – Yahoo

    Jussie Smollett Opens Up About Feeling ‘Disrespected’ During the ‘Special Forces’ Season Premiere

    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Virginia Tech hosts annual New Music + Technology Festival this week – Cardinal News

    Virginia Tech Kicks Off Exciting Annual New Music and Technology Festival This Week

    Why I gave the world wide web away for free | Tim Berners-Lee – The Guardian

    Why I Decided to Make the World Wide Web Free for Everyone | Tim Berners-Lee

    From shale to steam: Fossil fuel technology boosts clean geothermal energy – Washington Examiner

    From Shale to Steam: How Fossil Fuel Technology is Powering a Clean Geothermal Energy Revolution

    How Sustainable Technology is Shaping a Greener Future – Technology Magazine

    How Sustainable Technology is Driving the Revolution Toward a Greener Future

    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
  • Home
  • Business
  • Entertainment
    Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

    Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

    Danielle Fishel Explains Why Being on “DWTS” Makes Her Feel ‘Like It’s 1994 Again’ Filming “Boy Meets World” (Exclusive) – Yahoo

    Jussie Smollett Claims He Was ‘Disrespected’ on the ‘Special Forces’ Season Premiere – Yahoo

    Jussie Smollett Opens Up About Feeling ‘Disrespected’ During the ‘Special Forces’ Season Premiere

    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    TicketSmarter Fall Entertainment Guide – Eastern Illinois University Athletics

    Cardi B Adds More Dates to Little Miss Drama Tour: ‘Y’all Making Me Work’ – Yahoo

    Cardi B Extends Little Miss Drama Tour: “Y’all Making Me Work

    ‘Today’: Sheinelle Jones Thanks Katie Couric for Support After Husband’s Death – CBS 19 News

    Sheinelle Jones Expresses Heartfelt Thanks to Katie Couric for Support After Husband’s Passing

  • General
  • Health
  • News

    Cracking the Code: Why China’s Economic Challenges Aren’t Shaking Markets, Unlike America’s” – Bloomberg

    Trump’s Narrow Window to Spread the Truth About Harris

    Trump’s Narrow Window to Spread the Truth About Harris

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    Israel-Gaza war live updates: Hamas leader Ismail Haniyeh assassinated in Iran, group says

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    PAP Boss to Niger Delta Youths, Stay Away from the Protest

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Court Restricts Protests In Lagos To Freedom, Peace Park

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Fans React to Jazz Jennings’ Inspiring Weight Loss Journey

    Trending Tags

    • Trump Inauguration
    • United Stated
    • White House
    • Market Stories
    • Election Results
  • Science
  • Sports
  • Technology
    Virginia Tech hosts annual New Music + Technology Festival this week – Cardinal News

    Virginia Tech Kicks Off Exciting Annual New Music and Technology Festival This Week

    Why I gave the world wide web away for free | Tim Berners-Lee – The Guardian

    Why I Decided to Make the World Wide Web Free for Everyone | Tim Berners-Lee

    From shale to steam: Fossil fuel technology boosts clean geothermal energy – Washington Examiner

    From Shale to Steam: How Fossil Fuel Technology is Powering a Clean Geothermal Energy Revolution

    How Sustainable Technology is Shaping a Greener Future – Technology Magazine

    How Sustainable Technology is Driving the Revolution Toward a Greener Future

    Aurora police hope to add facial recognition technology to crime-fighting tools – CBS News

    Aurora Police Aim to Boost Crime-Fighting with New Facial Recognition Technology

    Autonomous Solutions shows off cutting-edge technology for the public – Cache Valley Daily

    Autonomous Solutions Unveils Cutting-Edge Technology for the Public

    Trending Tags

    • Nintendo Switch
    • CES 2017
    • Playstation 4 Pro
    • Mark Zuckerberg
No Result
View All Result
Earth-News
No Result
View All Result
Home Technology

Infosec watchers: TeamTNT crew may blast holes in Azure, Google Cloud users

July 15, 2023
in Technology
Infosec watchers: TeamTNT crew may blast holes in Azure, Google Cloud users
Share on FacebookShare on Twitter

A criminal crew with a history of deploying malware to harvest credentials from Amazon Web Services accounts may expand its attention to organizations using Microsoft Azure and Google Cloud Platform.

Researchers with SentinelOne, Permiso Security, and Aqua Security say a credential-stealing campaign, which began in June, includes the hallmarks of the notorious TeamTNT, though full attribution is difficult.

That said, given the amount of work the miscreants have done to improve their techniques and the addition of Azure and Google Cloud accounts to the list of targets, the group looks set to ramp up its attacks, according to Alex Delamotte, researcher with SentinelOne’s SentinelLabs unit.

Whoever the miscreants are, it appears they scrape cloud infrastructure credentials – such as AWS keys – from victims’ Jupyter programming notebooks; accessing those notebooks may require the exploitation of poorly secured web applications, or the notebooks may have been accidentally left open to the public, it seems. The crooks’ ultimate goal is to get credentials, use them to copy malware onto someone else’s cloud-based systems, and run that malware.

Once the crew’s code is executing on a victim’s resources, the intruders can run scripts on those remote systems that search for and harvest more access credentials, mine cryptocurrencies, open a backdoor, and potentially siphon off information or meddle with operations. The crooks used to target primarily AWS users, and now seem to be looking for ways into Azure and Google Cloud accounts.

“While AWS has long been in the crosshairs of many cloud-focused actors, the expansion to Azure and GCP credentials indicates there are other major contenders holding valuable data,” Delamotte wrote in a report this week.

“We believe this actor is actively tuning and improving their tools. Based on the tweaks observed across the past several weeks, the actor is likely preparing for larger scale campaigns.”

Permiso researcher Abian Morina reckoned on Wednesday a multi-cloud campaign may already be underway as of this week.

It is not entirely clear exactly how the miscreants break into people’s cloud resources: check the linked advisories for technical details and indicators of compromise, and use the given info to detect and stop any identifiable intrusions, we say.

Cloud credentials are a popular target

According a write-up last year from Elastic Security Labs, 33 percent of cyberattacks in the cloud use stolen credentials, something TeamTNT is known for. The group has been around since 2019, though two years ago it announced it was quitting. However Trend Micro said the crew, known for targeting cloud and container environments, was back in business as of late last year.

Permiso in December 2022 documented how TeamTNT was scouring Jupyter Notebook services primarily for AWS credentials. The miscreants appear to have started targeting vulnerable Docker deployments, too, and updated their intrusion tools.

Those updates have brought in support for obtaining Azure and Google Cloud credentials, made the scripts more modular to achieve more complex attacks, improved the credential harvesting, and brought in the curl command-line tool to exfiltrate data.

AT&T Alien Labs warns of ‘zero or low detection’ for TeamTNT’s latest malware bundle

FBI: BlackCat ransomware scratched 60-plus orgs

Microsoft defends intrusive dialog in Visual Studio Code that asks if you really trust the code you’ve been working on

Microsoft stole our stolen dark web data, says security outfit

In addition, the group previously hosted its command-and-control (C2) activities and files in an openly accessible directory on a single domain. Now the C2’s directory requires a hardcoded username and password to access, making it tougher to inspect and stop. This infrastructure, which previously used a Netherlands-based IP address, now runs across several subdomains.

The researchers also found an ELF binary built from Golang source code; this executable is used to spread the malware to other vulnerable targets, seemingly in a worm-like fashion. The miscreants hide this system scanner as an embedded base64 object within the binary to make it more difficult to detect.

Something wicked this way comes

The latest campaign “demonstrates the evolution of a seasoned cloud actor with familiarity across many technologies,” Delamotte wrote.

“The meticulous attention to detail indicates the actor has clearly experienced plenty of trial and error. The actor has also improved the tool’s data formatting to enable more autonomous activity, which demonstrates a certain level of maturity and skill.”

The work SentinelLabs and Permiso echoes what Aqua uncovered earlier this month in connection with a “potentially massive campaign against cloud native environments” that researchers Ofek Itach and Assaf Morag laid at the feet of TeamTNT or a group using the same techniques.

Their investigation kicked off after an attack was detected against a Jupyter honeypot run by Aqua, and led to an examination of a container image and Docker Hub account, they wrote. They described the Silentbob campaign as an “aggressive cloud worm, designed to deploy on exposed JupyterLab and Docker APIs in order to deploy Tsunami malware, cloud credentials hijack, resource hijack and further infestation of the worm.”

Like SentinelLabs, the Aqua researchers said it appeared that what they were looking at was a trial run for a bigger operation.

“Given that some functions in the code remain unused and the linked attack patterns suggest manual testing, we theorize that the attacker is in the process of optimizing their algorithm,” they wrote at the start of July.

“Looks like TeamTNT or a TeamTNT copycat is preparing a campaign. We treat this as an early warning, and hopefully a prevention to the campaign.”

Aqua and SentinelLabs recommended enterprises protect themselves against such attacks by taking such steps as not deploying Jupyter software without authentication, properly configuring and patching web applications to minimize exploitation, restricting external access to Docker, and using the least-privilege principle by limiting the permissions of containers. ®

>>> Read full article>>>
Copyright for syndicated content belongs to the linked Source : The Register – https://go.theregister.com/feed/www.theregister.com/2023/07/15/teamtnt_aws_azure_google/

Tags: infosectechnologywatchers
Previous Post

Now Foxconn hopes to lure TSMC, Japan’s TMH into India chip fab pact – report

Next Post

Tesla Cybertruck bidirectional charging hint found in Tesla colouring book of all places

World-Building With Daisies – 032C

Crafting Vibrant Worlds: The Art of Building with Daisies

September 29, 2025
Milei Vowed to Fix Argentina’s Economy. Then Came a New Crisis. – The New York Times

Milei Vowed to Fix Argentina’s Economy. Then Came a New Crisis. – The New York Times

September 29, 2025
Good Deed Entertainment Acquires Worldwide Rights To Liza Mandelup’s Documentary ‘Caterpillar’ – Deadline

Good Deed Entertainment Lands Global Rights to Liza Mandelup’s Captivating Documentary ‘Caterpillar

September 29, 2025
Report finds increased nitrates as fertilizer application poses costs to public health and farmers – Wisconsin Examiner

Rising Nitrate Levels from Fertilizer Use Threaten Public Health and Farmers’ Livelihoods

September 29, 2025
Michigan church shooting suspect went on anti-LDS tirade, political candidate said – Detroit Free Press

Michigan church shooting suspect went on anti-LDS tirade, political candidate said – Detroit Free Press

September 29, 2025
WEEKEND SCENE: Wolves, salmon, stormwater, more at 2025 West Seattle Ecology Fair, report #1 – West Seattle Blog…

Discover Wolves, Salmon, Stormwater, and More at the 2025 West Seattle Ecology Fair!

September 29, 2025
The Real Threat to Faith Isn’t Science – The Gospel Coalition

The Real Threat to Faith Isn’t Science – The Gospel Coalition

September 29, 2025
Trump Distorts Facts on Autism, Tylenol and Vaccines, Scientists Say – hepmag.com

Scientists Disprove Claims Connecting Autism to Tylenol and Vaccines

September 29, 2025
Our Favorite Store-Bought Coleslaw Can Be Found At Many Grocery Stores – Yahoo

Our Favorite Store-Bought Coleslaw Can Be Found At Many Grocery Stores – Yahoo

September 29, 2025
Virginia Tech hosts annual New Music + Technology Festival this week – Cardinal News

Virginia Tech Kicks Off Exciting Annual New Music and Technology Festival This Week

September 29, 2025

Categories

Archives

September 2025
M T W T F S S
1234567
891011121314
15161718192021
22232425262728
2930  
« Aug    
Earth-News.info

The Earth News is an independent English-language daily published Website from all around the World News

Browse by Category

  • Business (20,132)
  • Ecology (842)
  • Economy (864)
  • Entertainment (21,738)
  • General (17,314)
  • Health (9,907)
  • Lifestyle (876)
  • News (22,149)
  • People (865)
  • Politics (874)
  • Science (16,073)
  • Sports (21,363)
  • Technology (15,846)
  • World (846)

Recent News

World-Building With Daisies – 032C

Crafting Vibrant Worlds: The Art of Building with Daisies

September 29, 2025
Milei Vowed to Fix Argentina’s Economy. Then Came a New Crisis. – The New York Times

Milei Vowed to Fix Argentina’s Economy. Then Came a New Crisis. – The New York Times

September 29, 2025
  • About
  • Advertise
  • Privacy & Policy
  • Contact

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

No Result
View All Result

© 2023 earth-news.info

Go to mobile version