Crypto Botnet Steals AWS Login Details To Maintain Its Servers

Vandana  |  Aug 18, 2020

Cado Security, a cybersecurity organization, based in the UK, has recently published a report claiming that the hackers have now started stealing Amazon Web Services (AWS) credentials. These AWS credentials have been stolen to deploy a crypto botnet. AWS is a cloud computing division by a huge e-commerce firm, Amazon. 

According to the firm, this is for the first time that their tools have been hacked to steal the web credentials. Cado security has claimed that around 119 systems have been compromised in this malware operation.

Crypto botnet has been active since April

The report reveals that this crypto botnet has been active since April. This was deployed by TeamTNT, which is a cybercrime group, and it has started targeting AWS logins recently. According to the cybersecurity firm, the exposed files have been used by hackers. Through this, they were able to use the powerful computing resources of Amazon to mine Monero. This crypto botnet directly targets the software tool called Docker that helps to infiltrate the computers using the AWS infrastructure. 

Attackers did not use much of the stolen credentials 

The researchers of the cybersecurity firm, Cado Security has said that the attackers have not used much of those stolen credentials. However, this cannot be mistaken that the threat has been avoided by the firm. The report states, “Nevertheless, when the attackers decide to do so, TeamTNT stands to seriously boost its profits.” This has been done by either installing the crypto botnets in powerful AWS clusters or by selling the stolen credentials. 

The attackers have transferred around three Monero to the two wallet addresses. Cado Security has specified that the hackers might have made a lot more than this because they control thousands of wallets currently. The similar kind of attacks has also been reported recently that has also created these crypto mining botnets.

Articles You May Read

    Related News