# TeamTNT’s New Trump Card
Researchers from Palo Alto Networks observed TeamTNT's Hildegard malware targeting Kubernetes clusters in January, at its reconnaissance and weaponization stage.
To gain access to the Kubernetes environment for cryptojacking, and potentially to exfiltrate sensitive data from tens of thousands of applications running in the clusters, the attacker mainly leveraged misconfigured kubelet agents. Hildegard uses a tmate reverse shell and an IRC channel to establish C&C connections. It uses a known Linux process name (bioset) to disguise the malicious process. Moreover, the malware hides its malicious functions using library injection to evade security tools, and encrypts the malicious payload inside a binary to make automated static analysis more difficult.
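A defender-side check for the process-name masquerading described above, added here as an example (not code from Palo Alto Networks or the original article): it flags processes that present the kernel-thread name bioset without being kernel threads. The sample records are constructed, the function names are illustrative, and the `/proc/<pid>/stat` field layout and `PF_KTHREAD` value are standard Linux.

```python
import os

KTHREAD_NAMES = {"bioset"}   # name cited in the article; extend as needed
PF_KTHREAD = 0x00200000      # kernel-thread bit in the flags field of /proc/<pid>/stat

def parse_stat(stat_line):
    """Return (comm, ppid, flags). comm may contain spaces or ')', so split on the last ')'."""
    left, right = stat_line.rsplit(")", 1)
    fields = right.split()   # state, ppid, pgrp, session, tty_nr, tpgid, flags, ...
    return left.split("(", 1)[1], int(fields[1]), int(fields[6])

def is_masquerading(stat_line, cmdline):
    """True if a process uses a kernel-thread name but is not a kernel thread."""
    comm, ppid, flags = parse_stat(stat_line)
    argv0 = os.path.basename(cmdline.split(b"\0")[0]).decode(errors="replace").strip("[]")
    if comm not in KTHREAD_NAMES and argv0 not in KTHREAD_NAMES:
        return False
    # Genuine kernel threads carry PF_KTHREAD, descend from kthreadd (PID 2)
    # and have an empty cmdline; user space cannot set PF_KTHREAD.
    return not (flags & PF_KTHREAD and ppid == 2 and not cmdline)

def scan_proc(proc_root="/proc"):
    """Return PIDs under proc_root that look like kernel-thread impostors."""
    hits = []
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "stat"), errors="replace") as f:
                stat_line = f.read()
            with open(os.path.join(base, "cmdline"), "rb") as f:
                cmdline = f.read()
        except OSError:
            continue  # process exited or access denied
        if is_masquerading(stat_line, cmdline):
            hits.append(int(entry))
    return sorted(hits)

# Constructed sample records (not captured from a real host): (stat, cmdline)
REAL_KTHREAD = ("57 (bioset) S 2 0 0 0 -1 69238880 0 0 0 0", b"")
FAKE_COMM = ("4242 (bioset) S 1 4242 4242 0 -1 4194560 0 0 0 0", b"bioset\0")
FAKE_ARGV0 = ("4243 (a.out) S 1 4243 4243 0 -1 4194560 0 0 0 0", b"[bioset]\0-c\0")

if __name__ == "__main__":
    for name, rec in [("real", REAL_KTHREAD), ("comm", FAKE_COMM), ("argv0", FAKE_ARGV0)]:
        print(name, is_masquerading(*rec))
    print("live impostor PIDs:", scan_proc())
```

Run it inside each node or container PID namespace of interest; a hit is a lead for triage, since the check covers only the name disguise and not the library-injection hiding.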
# Recent Attacks
In the past month, the group used a detection-evasion method called libprocesshider, which was copied from open-source repositories. TeamTNT hackers used malicious shell scripts, along with AWS credentials, and deployed cryptocurrency miners to exfiltrate Docker API logins. In another analysis, Palo Alto researchers found an Ezuri loader in the group's new arsenal. In December, the TeamTNT group deployed a distributed denial-of-service (DDoS) capable IRC bot named TNTbotinger.
# Wrapping Up
With new tools and malware, TeamTNT has been constantly expanding its capabilities and arsenal. Attacking a Kubernetes cluster may be more profitable than attacking a compromised Docker host. The threat actor may be expected to carry out a larger-scale attack in the near future, with more advanced techniques for initial access, execution, defense evasion, and command and control.