A Curated Intelligence staff member - BushidoToken - recently collected and analysed every publicly-documented tactic, technique, and procedure (TTP) of the cloud-focused cybercriminal threat actor known as TeamTNT.
https://www.cyjax.com/2021/11/03/cyjax-research-sees-teamtnt-added-to-mitre-attck-framework/
TeamTNT is one of the most prominent threat actors to target cloud and container technologies. It has developed scripts and malware to target Docker, Kubernetes, and Amazon Web Services (AWS). Active since October 2019 and first disclosed in April 2020, TeamTNT distributes Trojan OS images on development repositories and automatically scans for and exploits vulnerable instances. The main aim of TeamTNT is to spread cryptocurrency mining malware and steal cloud credentials used by development and operations (DevOps) teams.
The contribution was added to the Mitre ATT&CK framework v10 here: https://attack.mitre.org/groups/G0139/Curated Intel Community Features are sourced using our Member Content channel on Discord. If you have recently produced a noteworthy piece of writing, a project, a podcast, an infographic or other CTI content let us know!