TeamTNT
G01391 reportsAnalyst assessment — key judgments
- Signature techniques: T1590.005 (IP Addresses), T1588.006 (Vulnerabilities), T1552.004 (Private Keys).
- Primary targeting: US, DE.
- Currently dormant: 0 report(s) in last 30d vs 0 prior (+0%).
- Hunt coverage 83% of 6 observed techniques (1 gap(s)).
- Assessment confidence: medium (60).
Activity & trend
Vulnerabilities in this actor's reporting · 5
- CVE-2025-48703KEV1 rpt
- CVE-2025-55182KEV1 rpt
- CVE-2025-299271 rpt
- CVE-2025-95011 rpt
- CVE-2026-13571 rpt
Overview
TeamTNT is a threat group that has primarily targeted cloud and containerized environments. The group as been active since at least October 2019 and has mainly focused its efforts on leveraging cloud and container resources to deploy cryptocurrency miners in victim environments.(Citation: Palo Alto Black-T October 2020)(Citation: Lacework TeamTNT May 2021)(Citation: Intezer TeamTNT September 2020)(Citation: Cado Security TeamTNT Worm August 2020)(Citation: Unit 42 Hildegard Malware)(Citation: Trend Micro TeamTNT)(Citation: ATT TeamTNT Chimaera September 2020)(Citation: Aqua TeamTNT August 2020)(Citation: Intezer TeamTNT Explosion September 2021)
ATT&CK technique matrix
- T1590.005 · IP Addressesconf 601
- T1588.006 · Vulnerabilitiesconf 601
- T1552.004 · Private Keysconf 601
- T1021.007 · Cloud Servicesconf 601
- T1593.001 · Social Mediaconf 601
- T1589.001 · Credentialsconf 601
Threat catalogue · engineering roadmap
Uncovered techniques you flagged for hunt / detection build-out, aggregated across every actor you visit. Stored locally in your browser.
Infrastructure
Relationships
Activity
| Title | Source | Severity | Collected |
|---|