TeamTNT, a threat group known for compromising cloud environments and containers, appears to have returned with a newly developed attack toolkit and botnet that has worming capabilities and targets multiple cloud technologies. Researchers found components designed to scan for vulnerable or insecure Kubernetes clusters, Docker APIs, Weave Scope instances, JupyterLab and Jupyter Notebook deployments, Redis servers, and Hadoop clusters.
Researchers from Aqua Security also found evidence the group was testing for various vulnerabilities and misconfigurations in services and applications such as Tomcat, Nginx, PostgreSQL and SSH.
