The Atlassian Confluence exploit has been in the wild for a while now. Although the response and patching were quite rapid, there are still servers that are unpatched and being exploited.
This month, CounterCraft celebrates Cybersecurity Awareness Month hand in hand with the National Cybersecurity Alliance. Cybersecurity is the ultimate goal of everything we do, which is why we are fans of this initiative.
You may have seen our recent posts about how TeamTNT is abusing Docker daemons for mining Monero. In this blog post, we will describe another method we have observed that includes the use of malicious Docker images available on Docker Hub.
Last week, we published a blog post describing how TeamTNT created a Docker worm that was replicating itself in open Docker daemons. In that example, everything took place inside a Docker container.
The abuse of open Docker daemons for mining cryptocurrencies is nothing new. You can find multiple blog posts (Aqua, CloudVector, SentinelOne, Palo Alto, etc.) about how different threat actors are creating Docker containers for mining purposes.