Trend Micro: Cryptojacking Group TeamTNT targets Kubernetes clusters in wormlike attack. Cloud-focused cryptojacking group often targets Amazon Web Services credential files on compromised cloud systems to mine for Monero. Several IPs were repeatedly exploited between March and May, Trend Micro says. Researchers say most compromised nodes identified in internet service providers and cloud service providers were in China and the U.S. Researchers discovered that the IRC bot is written in C and is stored on the /tmp folder under the name kube.c.”]
Source: https://www.cuinfosecurity.com/nearly-50000-ips-compromised-in-kubernetes-clusters-a-16744