Team TNT – The First Crypto-Mining Worm to Steal AWS Credentials

August 17, 2020

Over the weekend we’ve seen a crypto-mining worm spread that steals AWS credentials. It’s the first worm we’ve seen that contains such AWS specific functionality. The worm also steals local credentials, and scans the internet for misconfigured Docker platforms. We have seen the attackers, who call themselves “TeamTNT”, compromise a number of Docker and Kubernetes..

Read more

The “Your Site Has Been Hacked” Scam

June 12, 2020

Today many have received an email titled “Your Site Has Been Hacked” claiming that your site had been hacked. This is a scam that’s pretty common at the moment – the scammers are blasting out the same template e-mail to millions of site owners. It doesn’t look like a particularly successful scam either – we’ve..

Read more

An Ongoing AWS Phishing Campaign

June 11, 2020

Below we have analyzed an on-going campaign to steal AWS accounts through phishing. We’ve identified linked attacks, and outlined what attackers are doing with the stolen accounts. Lastly, we provide some recommendations on how to secure your AWS accounts against these kinds of attacks. The attack we investigated started with an e-mail sent from a..

Read more