A Deep Dive into TeamTNT and Spinning YARN
Essential information
- Published
- 18/12/2024 06:34
- Modified
- 18/12/2024 12:09
- Tags
- 2024-12-18 cloud security confluence crypto mining docker linux obfuscation platypus redis spinning yarn xmrig yarn
- Related entities
- 35 observables, 1 intrusion sets (apt), 21 techniques (mitre), 2 malware, 1 others
Description
TeamTNT is conducting a crypto mining campaign called Spinning YARN, targeting Docker, Redis, YARN, and Confluence. The attack involves server-side scripting vulnerabilities, obfuscated code, and malware deployment. The malware assesses the environment, disables cloud security, establishes persistence, and sets up a crypto miner. The impact extends beyond resource consumption, granting the attacker persistent access for potential further exploitation. TeamTNT, active since 2019, is known for attacks on cloud environments and cryptojacking. The campaign utilizes various tools and tactics, including malware droppers, XMRig miners, and reverse shells. Organizations should prioritize securing their infrastructure and stay informed about evolving threats to Linux and cloud environments.