Cybercrime group repurposes cloud monitoring tool Weave Scope as a backdoor to carry out malicious attacks. TeamTNT has been active at least since late April this year, targeting Docker and Kubernetes cloud environments. Cybersecurity firm Intezer says this is the first time attackers have been caught using legitimate third party software to target cloud infrastructure. TeamNT has previously targeted Docker and cloud environments to install a cryptocurrency mining malware and a DDoS bot. It’s recommended that Docker API endpoints are access restricted to prevent adversaries from taking control over the servers.
Source: https://thehackernews.com/2020/09/cloud-monitoring.html