"Hackers Use Cloud Monitoring Tool to Install Cryptominers"
Reports from Microsoft and Intezer reveal the weaponization of a legitimate cloud monitoring tool, Weave Scope, to install cryptominers in cloud environments. TeamTNT is the hacking group found to be using the tool for this malicious activity. The group, initially discovered in May, used botnets to install cryptomining malware on unprotected Kubernetes and Docker systems running on top of Amazon Web Services (AWS) servers to steal AWS credentials. Weave Scope is an open-source visualization and monitoring tool from Weaveworks that integrates with Docker, Kubernetes, and AWS Elastic Compute Cloud (ECS). The group now uses it to gain access to these cloud platforms and install cryptomining malware. This article continues to discuss TeamTNT's use of the Weave Scope tool to target cloud platforms and other recent findings of cryptomining campaigns targeting cloud platforms and containers.
BankInfoSecurity reports "Hackers Use Cloud Monitoring Tool to Install Cryptominers"