Over the past several months, cybercrime group TeamTNT’s internet relay chat (IRC) bot has had its functionality expanded from resource theft for crypto-mining to include the theft of Docker API, Amazon Web Service, and secure shell (SSH) credentials. Researchers at Cado Security have outlined multiple recent changes in its post-invasion behaviour.
Read full article on InfoQ