Team TNT

About

These Masked Actors are infamous for cloud-targeted cryptojacking, Secure Shell (SSH) brute-force attacks, and data theft. Over the years, Team TNT has developed new tools to hunt more victims while operating in the shadows. In 2022, Team TNT abruptly vanished, then re-emerged in 2023.

Active since: August 2020
Primary targets: Significant cryptojacking, causing a huge amount in victim expenses
Motivation: Financial gain, beginning with SSH brute-force attacks and malicious script uploads.
Heritage: Appeared in 2020 and disappeared in 2022 before re-emerging
Learn more about Team TNT from Group-IB’s research
Victims

We’ve attributed over $8,100 in mined cryptocurrency to Team TNT, mining that caused a huge amount in victim expenses ($430,000). Team TNT has launched long-term campaigns targeting vulnerable public instances of Redis, Kubernetes, and Docker.

What we know about Team TNT members

No known identities. However, our analysts have identified various traces of matching tactics, techniques, and procedures (TTPs) used by Team TNT in its 2023 and 2024 campaigns.