TeamTNT Hackers are Now Targeting Top Crypto Through Hijacking Servers to Solve for Encryption

While Bitcoin is often referred to as safe because of its encryption, hackers are trying to put this to the test. TeamTNT is trying to hijack servers and use them to run Bitcoin encryption solvers.

Hackers are Trying to Target Cryptocurrency by Hijacking Servers to Solve for Encryption

One argument for cryptocurrency as a viable option for the future is its encryption and the claim that it cannot be hacked. What hackers are trying to do, however, is hijack servers so that they can run encryption solvers on a larger scale.

According to the story by Bleeping Computer, AquaSec's threat analysis has spotted signs of activity from TeamTNT since early September. The article notes that, based on these sightings, the researchers now believe that the notorious hacking group is back in action.

TeamTNT Announced in November 2021 that They were Officially Out of the Game

Back in November 2021, TeamTNT announced that it would be quitting, and until recently this seemed to be the case, since little to no activity was spotted. As per the article, observations since the announcement involved only remnants of previous infections, such as automated scripts, and did not include any new payloads.

More recent attacks, however, bear signatures that are linked to TeamTNT. The attacks reportedly even included tools that the gang previously deployed, which hints that the threat actor could indeed be making a comeback.

Researchers Found Similarities in the Recent Attacks to Those being Used by TeamTNT

The researchers found three different attack types that were previously used in TeamTNT attacks. The article noted that the most interesting of these uses the computational power of the hijacked server to run Bitcoin encryption solvers for the attackers.

The attack is called the "Kangaroo attack" because it uses the Kangaroo WIF solver by Pollard. It also uses attack scanners for vulnerable Docker daemons, on which it then deploys an AlpineOS image and injects a k.sh script.

Things that Organizations and Businesses can Do in Order to Improve Their Security

After these steps, the attack fetches solvers from GitHub. The article notes that using the Kangaroo interval Elliptic Curve Discrete Logarithm Problem (ECDLP) solver algorithm by Pollard is reportedly an attempt to break Bitcoin's public-key cryptography, which uses the secp256k1 elliptic curve.

The article ends by saying that, whether or not this is actually TeamTNT acting, organizations and companies should still improve their cloud security to avoid potential damage. One way to do this is by strengthening the Docker configuration.
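As an added illustration of what checking the Docker configuration can look like (this example is not from the article or from AquaSec), the Python sketch below audits a `daemon.json` document for network-reachable API listeners. It assumes the weakness of interest is a TCP listener without TLS client verification, which the article does not specify; the sample configurations, addresses and the function name are constructed.

```python
import json

# Constructed sample daemon.json documents (not taken from the article).
WEAK = '{"hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"]}'
HARDENED = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://10.0.0.5:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

def audit_daemon_config(text):
    """Return a list of findings about TCP listeners in a daemon.json document."""
    cfg = json.loads(text)
    findings = []
    tcp_hosts = [h for h in cfg.get("hosts", []) if h.startswith("tcp://")]
    if not tcp_hosts:
        return findings  # only local sockets are configured
    if not cfg.get("tlsverify", False):
        if cfg.get("tls", False):
            # "tls" alone encrypts traffic but accepts any client
            findings.append("tls is set without tlsverify: clients are not authenticated")
        else:
            findings.append("TCP listener without TLS: the API accepts unauthenticated requests")
    for h in tcp_hosts:
        # Strip the scheme and the port to get the bind address
        bind = h[len("tcp://"):].rsplit(":", 1)[0]
        if bind in ("", "0.0.0.0", "[::]"):
            findings.append(f"{h} binds every interface; restrict it to a management address")
    return findings

if __name__ == "__main__":
    for name, doc in (("weak", WEAK), ("hardened", HARDENED)):
        results = audit_daemon_config(doc)
        print(name, "->", results if results else "no findings")
```

The same function can be pointed at the contents of a host's real `daemon.json`; listeners passed on the `dockerd` command line are outside what it inspects.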

The article notes that another way organizations and companies can improve their overall security is by applying all available security updates before it is too late and their systems become infected.

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.