Security researchers caught attackers in the act of using legitimate third-party software to target their victims’ cloud infrastructure for cryptomining. The TeamTNT threat group attempted to gain visibility of and control over victims’ cloud-based systems. They did so by misusing Weave Scope, an open-source tool developed by Weaveworks that works with Docker and Kubernetes environments. The threat group used the tool’s features to gain full control over the victims’ cloud infrastructure, including all metadata relating to their containers and hosts.

