Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For Years
Cado Labs' honeypot infrastructure was recently compromised by a complex and multi-stage cryptojacking attack.
Although the attack utilised many TeamTNT TTPs, It is assessed with high confidence that the group WatchDog is continuing to repurpose TeamTNT payloads - as they've done in the past.
The attack targets exposed Docker Engine API endpoints and Redis servers, and can propagate in a worm-like fashion.
Several sophisticated techniques were employed, including timestomping, process hiding and exploitation of a misconfigured Redis database that leaves it vulnerable to remote code execution.
Featured Resources
blog
How Cymulate Supports Hong Kong's 2025 Protection of Critical Infrastructure Ordinance
In March 2025, Hong Kong's Protection of Critical Infrastructure (Computer System) Ordinance was enacted and will go into effect in
blog
Reducing Attack Surface with Exposure Management and Attack Path Discovery
See how exposure management and attack path discovery turn attack surface reduction into continuous, proven resilience.
Report
Strategic Roadmap for Continuous Threat Exposure Management
This Gartner® report guides CISOs from traditional vulnerability management to a dynamic CTEM program.