G0139

G0139TeamTNT

Description

[TeamTNT](https://attack.mitre.org/groups/G0139) is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)

References

  1. https://attack.mitre.org/groups/G0139
  2. https://cybersecurity.att.com/blogs/labs-research/teamtnt-with-new-campaign-aka-chimaera
  3. https://www.cadosecurity.com/team-tnt-the-first-crypto-mining-worm-to-steal-aws-credentials/
  4. https://unit42.paloaltonetworks.com/hildegard-malware-teamtnt/
  5. https://documents.trendmicro.com/assets/white_papers/wp-tracking-the-activities-of-teamTNT.pdf
  6. https://www.intezer.com/blog/cloud-security/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
  7. https://www.intezer.com/wp-content/uploads/2021/09/TeamTNT-Cryptomining-Explosion.pdf
  8. https://blog.aquasec.com/container-security-tnt-container-attack
  9. https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
  10. https://www.lacework.com/blog/taking-teamtnt-docker-images-offline/

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

Group
Evilnum
Software
Hildegard
Group
Threat Group-3390
Group
Suckfly
Group
TA505
Group
TA551
Sourced from MITRE ATT&CK Enterprise 14.1. Curated by Adam Lundqvist, SQUR.