Hacker Group TeamTNT Resurfaces and Targets CentOS Servers for Digital Currency Mining

TapTechNews, September 24: Security company Group-IB has released a report warning that the hacker group TeamTNT, which disappeared in 2022, has resurfaced and is now targeting VPS servers running the CentOS operating system, using these servers to mine digital currency.


TapTechNews learned that the hackers first connect to the target host via SSH and use brute force to obtain initial access. They then upload a malicious script that disables other digital currency mining software on the victim server, deactivates the firewall, deletes system event logs, and deploys a rootkit named Diamorphine so that the victim server can be used to mine digital currency.

The security company said that the script specifically checks whether Alibaba's security protection mechanism, aliyun.service, is present on the VPS. If it is found, the script downloads a script to remove it, suggesting that the hacker group is attempting to attack Alibaba Cloud servers.
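The sequence described in the two paragraphs above (SSH brute force, a successful login, then the firewall and aliyun.service being stopped) can be correlated from host logs. The following is an added detection example, not code from Group-IB's report; the log lines are constructed, and the line formats, thresholds, year and function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (syslog style); hosts, IPs and times are made up.
SAMPLE_LOG = "\n".join(
    [f"Sep 24 03:10:0{i} vps1 sshd[81{i}]: Failed password for root "
     f"from 203.0.113.7 port 4011{i} ssh2" for i in range(6)] + [
    "Sep 24 03:10:09 vps1 sshd[900]: Accepted password for root from 203.0.113.7 port 40150 ssh2",
    "Sep 24 03:11:00 vps1 sshd[910]: Accepted password for ops from 198.51.100.20 port 51000 ssh2",
    "Sep 24 03:12:30 vps1 systemd[1]: Stopped firewalld - dynamic firewall daemon.",
    "Sep 24 03:12:41 vps1 systemd[1]: Stopped aliyun.service.",
])

TS = r"^(\w{3}\s+\d+ [\d:]{8}) \S+ "
SSH_RE = re.compile(TS + r"sshd\[\d+\]: (Failed|Accepted) password for "
                         r"(?:invalid user )?(\S+) from (\S+) port")
# Assumed journal wording for a stopped unit; adjust to the host's systemd version.
STOP_RE = re.compile(TS + r"systemd\[1\]: Stopped .*?(firewalld|aliyun)")

def parse_ts(ts, year):
    # Syslog timestamps carry no year, so the caller supplies one.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_suspicious_logins(log_text, min_failures=5,
                           window=timedelta(minutes=10), year=2024):
    """Return logins preceded by >= min_failures failed attempts from the same
    IP, each annotated with protective services stopped within `window`."""
    failures = defaultdict(int)
    suspicious = []
    for line in log_text.splitlines():
        m = SSH_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            if outcome == "Failed":
                failures[ip] += 1
            elif failures[ip] >= min_failures:
                suspicious.append({"time": parse_ts(ts, year), "ip": ip,
                                   "user": user, "failures": failures[ip],
                                   "stopped": []})
            continue
        m = STOP_RE.match(line)
        if m:
            when = parse_ts(m.group(1), year)
            for login in suspicious:
                if timedelta(0) <= when - login["time"] <= window:
                    login["stopped"].append(m.group(2))
    return suspicious

if __name__ == "__main__":
    for finding in find_suspicious_logins(SAMPLE_LOG):
        print(finding)
```

Because the script described in the report deletes system event logs, this correlation is only dependable on logs forwarded off the host before the cleanup runs.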
