Cybersecurity researchers have figured out what they think is the first stealth crypto mining campaign to steal credentials from Amazon web services. (AWS).
The mining campaign was described as relatively straightforward by Cado Security in his report of August 17th. Overall, it seems that so far it has only resulted in attackers operating under the TeamTNT name bringing in just under $ 300 in illegal profits.
What caught the researchers’ attention was the specific functionality of the crypto mining worm to steal AWS credentials.
Cado Security sees this as part of a broader trend that shows this Hackers and attackers are quickly adapting to the growing number of organizations migrating their computing resources to cloud and container environments.
The report shows that hacking AWS credentials is relatively easy. In addition, the TeamTNT campaign recycled some of its code from another worm called “Kinsing” that is designed to expose Alibaba’s cloud security tools.
Based on these recycling patterns, the report Cado notes that the researchers are now hoping future crypto-mining worms will copy and paste TeamTNT code to hack AWS credentials in the future.
As is so often the case in stealth crypto mining campaigns The TeamTNT worm uses the XMRig mining tool to mine Monero (XMR) for the benefit of the attackers.
Cado Security investigated MoneroOcean, one of the mining pools used by the attackers, and used it to compile a list of 119 compromised systems that were successfully attacked by the worm.
Stealth cryptocurrency mining attacks are alternatively referred to as “cryptojacking”., an industry term that refers to the practice of using the processing power of a computer to mine cryptocurrencies without the consent or knowledge of the owner.
In March of this year, Singapore-based Acronis released the results of its latest cybersecurity survey that showed it 86% of IT professionals were concerned about the risks these attacks pose to their business.
Don’t stop reading: