AWS Cloud Credential Stealing Campaign Spreads to Azure, Google Cloud

This article discusses a sophisticated cloud-credential stealing and cryptomining campaign targeting Amazon Web Services (AWS), Azure, and Google Cloud Platform (GCP) environments. The campaign is believed to be linked to the TeamTNT threat actor and has undergone incremental refinements since December.

Key takeaways:
- The same core attack scripts are being used in the AWS, Azure, and GCP campaigns.
- The threat actor has begun targeting exposed Docker services as of last month.
- The threat actor is prepping an “aggressive cloud worm” designed to deploy in AWS environments.

Counter arguments:
- The Azure and GCP capabilities are less developed than the AWS tooling.
- The attacker is likely only testing its tools in Azure and GCP environments.

Link: https://www.darkreading.com/cloud/aws-cloud-credential-stealing-campaign-spreads-azure-google

