The TeamTNT cybercriminal group is back with a unique strategy for attacking cloud infrastructure. This time, they have used a legitimate tool to get what they want.
Cybercriminals keep adopting new tricks and tools to steal information and money from organizations, and they try to leave no clues for IT security professionals. In this case, the group has used a genuine cloud monitoring tool named "Weave Scope" as a backdoor to carry out its malware attacks.
As reported by Intezer, an Israeli cybersecurity firm, this is the first time they have seen such malware activity carried out with a genuine third-party tool. Today's hackers are elusive and dangerous. They need little time to break through your organization's security layers and get into the network and servers.
TeamTNT continued its attacks on weakened Docker ports till late April 2020. Their aim was to install cryptocurrency mining malware and a DDoS bot. Weave Scope integrates easily with Docker, Kubernetes, and Amazon Web Services, which gives it a way into the cloud infrastructure. Last month, the gang updated its pattern and went after the credential data stored in AWS (Amazon Web Services) credentials and config files.
Once installed on the server, the tool behaves as a backdoor. It uses its default port, 4040, for dashboard access.
Weave Scope is an open-source application that gives a complete view of the infrastructure and lets operators work on problems in it. Put simply, the tool gives whoever uses it full access to the cloud environment.
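Because the dashboard listens on port 4040 by default, defenders can audit hosts for an unexpected listener on that port. The following is an added example, not code from Intezer or from this article: it parses `ss -tlnH` output and flags listeners on 4040 that are reachable from outside the host. The sample output and all function names are constructed for illustration.

```python
import ipaddress

SCOPE_DEFAULT_PORT = 4040  # Weave Scope dashboard default port, per the article

# Constructed sample of `ss -tlnH` output
# (columns: State, Recv-Q, Send-Q, Local Address:Port, Peer Address:Port)
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:4040 0.0.0.0:*
LISTEN 0 4096 *:4040 *:*
LISTEN 0 4096 [::]:4040 [::]:*
LISTEN 0 4096 [::1]:4040 [::]:*
LISTEN 0 128 10.0.0.5:8080 0.0.0.0:*
"""

def split_local(addr_port):
    """Split 'host:port' (IPv4, '*', or bracketed IPv6) into (host, port)."""
    host, _, port = addr_port.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop brackets and %iface suffix
    return host, int(port)

def is_loopback(host):
    """True only for loopback addresses; '*' and wildcards are not loopback."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False

def find_exposed_listeners(ss_output, port=SCOPE_DEFAULT_PORT):
    """Return local address fields listening on `port` on a non-loopback address."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        try:
            host, local_port = split_local(fields[3])
        except ValueError:
            continue  # unparseable port column, skip the line
        if local_port == port and not is_loopback(host):
            findings.append(fields[3])
    return findings

if __name__ == "__main__":
    for addr in find_exposed_listeners(SAMPLE_SS_OUTPUT):
        print(f"review listener on {addr}: possible Weave Scope dashboard")
```

A listener on 4040 is only a lead: confirm which process owns the socket and whether a Weave Scope deployment is expected on that host before treating it as an intrusion.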