{"id":160469,"date":"2023-03-16T20:22:46","date_gmt":"2023-03-17T01:22:46","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2023\/03\/cryptojacking-group-teamtnt-suspected-of-using-decoy-miner-to-conceal-data-exfiltration"},"modified":"2023-03-16T20:22:46","modified_gmt":"2023-03-17T01:22:46","slug":"cryptojacking-group-teamtnt-suspected-of-using-decoy-miner-to-conceal-data-exfiltration","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2023\/03\/cryptojacking-group-teamtnt-suspected-of-using-decoy-miner-to-conceal-data-exfiltration","title":{"rendered":"Cryptojacking Group TeamTNT Suspected of Using Decoy Miner to Conceal Data Exfiltration"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/cryptojacking-group-teamtnt-suspected-of-using-decoy-miner-to-conceal-data-exfiltration.jpg\"><\/a><\/p>\n<p>The cryptojacking group known as <strong>TeamTNT<\/strong> is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems.<\/p>\n<p>That\u2019s according to Cado Security, which <a href=\"https:\/\/www.virustotal.com\/gui\/file\/595497c407795e0dbb562a4616fd877ce1eb2e86424672bac8003662e1fa07eb\/\" rel=\"noopener\" target=\"_blank\">found<\/a> the <a href=\"https:\/\/www.virustotal.com\/gui\/file\/61fdad6d9b149e8d4fc54a848a25219eb9f1364a58073c27eadde8f8298a9573\/\" rel=\"noopener\" target=\"_blank\">sample<\/a> after Sysdig detailed a sophisticated attack known as <a href=\"https:\/\/thehackernews.com\/2023\/03\/hackers-exploit-containerized.html\" rel=\"noopener\" target=\"_blank\">SCARLETEEL<\/a> aimed at containerized environments to ultimately steal proprietary data and software.<\/p>\n<p>Specifically, the early phase of the attack chain involved the use of a cryptocurrency miner, which the cloud security firm suspected was deployed as a decoy to conceal the detection of data exfiltration.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The cryptojacking group known as TeamTNT is suspected to be behind a previously undiscovered strain of malware used to mine Monero cryptocurrency on compromised systems. That\u2019s according to Cado Security, which found the sample after Sysdig detailed a sophisticated attack known as SCARLETEEL aimed at containerized environments to ultimately steal proprietary data and software. Specifically, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1761,34],"tags":[],"class_list":["post-160469","post","type-post","status-publish","format-standard","hentry","category-cryptocurrencies","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/160469","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=160469"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/160469\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=160469"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=160469"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=160469"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}