Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration
Mar 16, 2023
Cryptojacking / Cyber Attack
The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That's according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, the early phase of the attack chain involved the use of a cryptocurrency miner, which the cloud security firm suspected was deployed as a decoy to conceal the detection of data exfiltration. The artifact – uploaded to VirusTotal late last month – "bear[s] several syntactic and semantic similarities to prior TeamTNT payloads, and includes a wallet ID that has previously been attributed to them," a new analysis from Cado Security has revealed . TeamTNT , active since at least 2019, has been documented to repeatedly strike cloud and container environments to deploy cryptocur
