In a recent attack, the cybercrime group TeamTNT relied on a legitimate tool to avoid deploying malicious code on compromised cloud infrastructure while still keeping a firm grip on it. They used an open-source tool specifically created to monitor and control cloud environments with Docker and Kubernetes installations, thus reducing their footprint on the breached server. According to researchers, this may be the first time a legitimate third-party tool has been abused to play the part of a backdoor in a cloud environment, which also indicates the evolution of this particular group.