Taking TeamTNT’s Docker Images Offline

The Takeaways

- TeamTNT targets exposed Docker APIs to deploy malicious images.
- Docker images containing TeamTNT malware are being hosted in public Docker repos via account takeovers.
- TeamTNT leverages exposed Docker Hub secrets within GitHub to stage malicious Docker images.
- The following MITRE ATT&CK techniques were observed: Deploy Container (T1610), User Execution: Malicious Image (T1204.003), Unsecured [...]


The post Taking TeamTNT’s Docker Images Offline appeared first on Lacework.
