The TeamTNT cybercrime gang is back, attacking Docker and Kubernetes cloud instances by abusing a cloud-monitoring tool called Weave Scope. The open-source tool gives users full access to cloud environments. When abused, it gives the attacker full visibility and control over all assets in the victim’s cloud environment, essentially functioning as a backdoor. Attackers gain access to all information about the victim’s server environment, as well as the ability to control installed applications, the making or breaking of connections between cloud workloads, and the use of memory and CPU.
Source: https://threatpost.com/teamtnt-remote-takeover-cloud-instances/159075/

