{"id":38616,"date":"2021-09-06T09:19:59","date_gmt":"2021-09-06T12:19:59","guid":{"rendered":"https:\/\/abes.org.br\/?p=38616"},"modified":"2021-08-30T14:57:45","modified_gmt":"2021-08-30T17:57:45","slug":"pesquisa-da-trend-micro-revela-atividades-do-grupo-teamtnt","status":"publish","type":"post","link":"https:\/\/abes.org.br\/en\/pesquisa-da-trend-micro-revela-atividades-do-grupo-teamtnt\/","title":{"rendered":"Trend Micro Research Reveals TeamTNT Group Activities"},"content":{"rendered":"

Survey shows the tools and techniques used and the impact of the group's malicious activities<\/em><\/p>\n

Trend Micro Brasil, one of the leading companies in cybersecurity solutions, conducted detailed research on TeamTNT, one of the most persistent groups of malicious hackers, which started a series of campaigns in 2020 and early 2021. Most of these campaigns \u2014 although varying the tools, techniques, and purpose\u2014targeted cloud environments.\"\"<\/p>\n

TeamTNT has been attacking in some form since 2011, but it wasn't until 2020 that the group started to draw attention. In April of last year, it launched a short-lived Covid-19-themed campaign, choosing pandemic-related words for its attack URLs. \u201cA month later, Trend Micro mapped an entry on how TeamTNT was targeting gateways.\u00a0daemon<\/em>\u00a0open Docker, to distribute cryptocurrency mining. The group also sparked another campaign, in late 2020, deploying TNTbotinger, an Internet Relay Chat (IRC) bot with distributed denial-of-service (DDoS) capabilities. This year, it focused even more on the cloud, covering different cloud-based services and software\u201d, comments Rodrigo Garcia, Sales Director at Trend Micro.<\/p>\n

Infection routines and payloads:<\/strong>
\nTeamTNT's infection routines usually follow a pattern, in which the group does reconnaissance using its scanner to choose suitable victims. After narrowing down its targets, it checks for misconfigurations and other security holes that can be exploited, such as:<\/p>\n