September 20, 2024 | The hacking group TeamTNT has launched a new attack campaign targeting VPS servers running CentOS. Known for cryptojacking and active since 2019, TeamTNT is exploiting SSH vulnerabilities to infiltrate systems.
Researchers from Group-IB report that the attackers use brute-force SSH attacks to install a malicious script that disables security features, modifies system files, and removes cryptocurrency mining processes. The script also deploys the Diamorphine rootkit to enable covert control and persistence on compromised hosts.
Security experts warn that TeamTNT’s focus on CentOS, especially outdated versions like CentOS 7, highlights the importance of securing cloud infrastructures and applying the latest patches.
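A detection sketch for the entry vector described above, SSH password brute-forcing that ends in a successful login. This is an added example, not code from Group-IB or from the article; the log lines are constructed, and the host name, users, addresses and the threshold of 5 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format found in /var/log/secure on CentOS.
# Host name, users and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE_LOG = """\
Sep 20 03:10:12 vps01 sshd[2101]: Failed password for deploy from 198.51.100.7 port 40112 ssh2
Sep 20 03:10:20 vps01 sshd[2101]: Accepted password for deploy from 198.51.100.7 port 40112 ssh2
Sep 20 03:14:01 vps01 sshd[2201]: Failed password for root from 203.0.113.45 port 51230 ssh2
Sep 20 03:14:03 vps01 sshd[2203]: Failed password for invalid user admin from 203.0.113.45 port 51232 ssh2
Sep 20 03:14:05 vps01 sshd[2205]: Failed password for root from 203.0.113.45 port 51234 ssh2
Sep 20 03:14:07 vps01 sshd[2207]: Failed password for invalid user test from 203.0.113.45 port 51236 ssh2
Sep 20 03:14:09 vps01 sshd[2209]: Failed password for root from 203.0.113.45 port 51238 ssh2
Sep 20 03:14:11 vps01 sshd[2211]: Failed password for root from 203.0.113.45 port 51240 ssh2
Sep 20 03:14:13 vps01 sshd[2213]: Accepted password for root from 203.0.113.45 port 51242 ssh2
Sep 20 03:20:00 vps01 sshd[2301]: Accepted publickey for deploy from 198.51.100.7 port 40200 ssh2
"""

# Matches password failures and password successes; key-based logins are ignored.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_bruteforce_successes(log_text, threshold=5):
    """Return (ip, user, prior_failures) for each password login accepted from
    a source that already had at least `threshold` failed attempts.
    Failures are counted over the whole input, with no time window."""
    failures = defaultdict(int)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # A success after many failures is the pattern worth triaging.
            hits.append((ip, m.group("user"), failures[ip]))
    return hits

if __name__ == "__main__":
    for ip, user, count in find_bruteforce_successes(SAMPLE_LOG):
        print(f"{ip}: password login as {user} after {count} failed attempts")
```

A hit means the host should be treated as potentially compromised and checked for the changes the report describes, not just that the source address should be blocked.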