The group would access the API and deploy servers inside the Docker install that would run DDoS and crypto-mining malware. According to researchers, the TeamTNT botnet is now targeting
also misconfigured Kubernetes installations. The botnet operators have added a new feature that scans the underlying infected servers for any Amazon Web Services (AWS) credentials. The TeamTNT bot borrows the code from another worm tracked as Kinsing, which
was spotted in April while targeting Docker clusters to deploy crypto-miners.
Learn more >