Attack group known for cloud-specific campaigns targeting Amazon Web Services credentials has expanded its toolkit to steal more credentials from targeted cloud systems. The TeamTNT group was first spotted in August 2020, Chris Doman, co-founder and CTO of Cado Security, said in a talk at this week’s Black Hat Europe. New tools added to their arsenal include Docker Escape, off GitHub, and Break Out the Box, which scrapes Google Cloud credentials and other metadata. The group has also expanded beyond AWS credentials to target credential files from Google Cloud Platform as well, Doman noted.”]
Source: https://www.darkreading.com/cloud/cloud-attack-analysis-unearths-lessons-for-security-pros